Lucene search
+L

48 matches found

OSV
OSV
added 2026/07/07 10:17 a.m.3 views

PYSEC-2026-1023 TensorFlow vulnerable to `CHECK` fail in `ParameterizedTruncatedNormal`

Impact ParameterizedTruncatedNormal assumes shape is of type int32. A valid shape of type int64 results in a mismatched type CHECK fail that can be used to trigger a denial of service attack. python import tensorflow as tf seed = 1618 seed2 = 0 shape = tf.random.uniformshape=3, minval=-10000,...

5.9CVSS7AI score0.00396EPSS
Exploits0References7
OSV
OSV
added 2026/07/07 10:17 a.m.4 views

PYSEC-2026-1047 TensorFlow vulnerable to Int overflow in `RaggedRangeOp`

Impact The RaggedRangOp function takes an argument limits that is eventually used to construct a TensorShape as an int64. If limits is a very large float, it can overflow when converted to an int64. This triggers an InvalidArgument but also throws an abort signal that crashes the program. python...

5.9CVSS6AI score0.00547EPSS
Exploits0References8
CVE
CVE
added 2026/06/22 9:55 p.m.20 views

CVE-2026-53923

Summary of CVE-2026-53923 : The vulnerability affects vLLM (GGUF dequantize kernels) where integer truncation of tensor dimensions causes partially filled output tensors. From 0.5.5 up to 0.23.1rc0, the code allocates the full output tensor (torch::empty) but the CUDA kernel processes only a trun...

7.5CVSS5.8AI score0.00281EPSS
Exploits0References3Affected Software1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in libarchive

A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive WARC file that claims to have more than INT64MAX – 4 content bytes. An attacker could create a malicious WARC archive to induce this overflow,...

5.6CVSS6.2AI score0.00155EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-6976

Malicious code in bioql PyPI...

7.5CVSS8.1AI score0.00547EPSS
Exploits0References7
OSV
OSV
added 2025/06/09 8:15 p.m.7 views

AZL-63759 CVE-2025-5916 affecting package cmake for versions less than 3.30.3-8

A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive WARC file that claims to have more than INT64MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow,...

5.6CVSS6.3AI score0.00155EPSS
Exploits0References1
RustSec
RustSec
added 2024/04/24 12:0 p.m.6 views

Arithmetic overflows in cosmwasm-std

Some mathematical operations in cosmwasm-std use wrapping math instead of panicking on overflow for very big numbers. This can lead to wrong calculations in contracts that use these operations. Affected functions: - Uint256,512::pow / Int256,512::pow - Int256,512::neg Affected if overflow-checks ...

5.3CVSS7.3AI score0.00418EPSS
Exploits1Affected Software1
OSV
OSV
added 2024/03/06 11:13 a.m.19 views

BIT-TENSORFLOW-2022-35984 `CHECK` fail in `ParameterizedTruncatedNormal` in TensorFlow

TensorFlow is an open source platform for machine learning. ParameterizedTruncatedNormal assumes shape is of type int32. A valid shape of type int64 results in a mismatched type CHECK fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

7.5CVSS6.3AI score0.00396EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:37 a.m.6 views

SUSE CVE-2021-41197

TensorFlow is an open source platform for machine learning. In affected versions TensorFlow allows tensor to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an int64t. If an overflow occurs,...

5.5CVSS5.5AI score0.00307EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2023/02/15 3:24 a.m.5 views

SUSE CVE-2022-35984

TensorFlow is an open source platform for machine learning. ParameterizedTruncatedNormal assumes shape is of type int32. A valid shape of type int64 results in a mismatched type CHECK fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

7.5CVSS7.6AI score0.00396EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:24 a.m.5 views

SUSE CVE-2022-36015

TensorFlow is an open source platform for machine learning. When RangeSize receives values that do not fit into an int64t, it crashes. We have patched the issue in GitHub commit 37e64539cd29fcfb814c4451152a60f5d107b0f0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this...

7.5CVSS7.8AI score0.00547EPSS
Exploits0References3
NVD
NVD
added 2022/11/18 10:15 p.m.22 views

CVE-2022-41890

TensorFlow is an open source platform for machine learning. If BCast::ToShape is given input larger than an int32, it will crash, despite being supposed to handle up to an int64. An example can be seen in tf.experimental.numpy.outer by passing in large input to the input b. We have patched the...

7.5CVSS0.00439EPSS
Exploits1References3
OSV
OSV
added 2022/11/18 12:0 a.m.26 views

CVE-2022-41890 `CHECK` fail in `BCast` overflow in Tensorflow

TensorFlow is an open source platform for machine learning. If BCast::ToShape is given input larger than an int32, it will crash, despite being supposed to handle up to an int64. An example can be seen in tf.experimental.numpy.outer by passing in large input to the input b. We have patched the...

4.8CVSS7.7AI score0.00439EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2022/11/18 12:0 a.m.8 views

CVE-2022-41890 `CHECK` fail in `BCast` overflow in Tensorflow

TensorFlow is an open source platform for machine learning. If BCast::ToShape is given input larger than an int32, it will crash, despite being supposed to handle up to an int64. An example can be seen in tf.experimental.numpy.outer by passing in large input to the input b. We have patched the...

4.8CVSS7.1AI score0.00439EPSS
Exploits1References3
NVD
NVD
added 2022/09/16 10:15 p.m.50 views

CVE-2022-35984

TensorFlow is an open source platform for machine learning. ParameterizedTruncatedNormal assumes shape is of type int32. A valid shape of type int64 results in a mismatched type CHECK fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

7.5CVSS0.00396EPSS
Exploits0References2
OSV
OSV
added 2022/09/16 9:40 p.m.38 views

CVE-2022-35984 `CHECK` fail in `ParameterizedTruncatedNormal` in TensorFlow

TensorFlow is an open source platform for machine learning. ParameterizedTruncatedNormal assumes shape is of type int32. A valid shape of type int64 results in a mismatched type CHECK fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

5.9CVSS7.6AI score0.00396EPSS
Exploits0References4
CVE
CVE
added 2022/09/16 9:40 p.m.95 views

CVE-2022-35984

TensorFlow CVE-2022-35984 affects ParameterizedTruncatedNormal where shape is assumed to be int32; providing an int64 shape triggers a mismatched type CHECK failure that can cause a denial of service. The issue has been patched in commit 72180be03447a10810edca700cbc9af690dfeb51 and the fix is sla...

7.5CVSS6.4AI score0.00396EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2022/09/16 8:15 p.m.49 views

CVE-2022-35940

TensorFlow is an open source platform for machine learning. The RaggedRangOp function takes an argument limits that is eventually used to construct a TensorShape as an int64. If limits is a very large float, it can overflow when converted to an int64. This triggers an InvalidArgument but also...

7.5CVSS0.00547EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2022/09/16 7:45 p.m.12 views

CVE-2022-35940 Int overflow in `RaggedRangeOp` in Tensoflow

TensorFlow is an open source platform for machine learning. The RaggedRangOp function takes an argument limits that is eventually used to construct a TensorShape as an int64. If limits is a very large float, it can overflow when converted to an int64. This triggers an InvalidArgument but also...

5.9CVSS7.6AI score0.00547EPSS
Exploits0References3
CVE
CVE
added 2022/09/16 7:45 p.m.81 views

CVE-2022-35940

TensorFlow RaggedRangOp is affected by CVE-2022-35940: if limits contains a very large float, converting to int64 can overflow, causing an InvalidArgument and an abort that crashes the program. Patch available in commit 37cefa91bee4eace55715eeef43720b958a01192; expected in TensorFlow 2.10.0 with ...

7.5CVSS6.6AI score0.00547EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder