SUSE CVE-2021-37641

TensorFlow is an end-to-end open source platform for machine learning. In affected versions if the arguments to tf.rawops.RaggedGather don't determine a valid ragged tensor code can trigger a read from outside of bounds of heap allocated buffers. The implementation directly reads the first...

GHSA-QJ5R-F9MV-RFFH `CHECK`-fails when building invalid tensor shapes in Tensorflow

Impact Multiple operations in TensorFlow can be used to trigger a denial of service via CHECK-fails i.e., assertion failures. This is similar to TFSA-2021-198 CVE-2021-41197 and has similar fixes. Patches We have patched the reported issues in multiple GitHub commits. It is possible that other...

PYSEC-2022-132

Tensorflow is an Open Source Machine Learning Framework. The implementation of AddManySparseToTensorsMap is vulnerable to an integer overflow which results in a CHECK-fail when building new TensorShape objects so, an assert failure based denial of service. We are missing some validation on the...

GHSA-772P-X54P-HJRV Division by zero in `Conv3D`

Impact A malicious user could trigger a division by 0 in Conv3D implementation: python import tensorflow as tf inputtensor = tf.constant, shape=0, 0, 0, 0, 0, dtype=tf.float32 filtertensor = tf.constant, shape=0, 0, 0, 0, 0, dtype=tf.float32 tf.rawops.Conv3Dinput=inputtensor, filter=filtertensor,...

PT-2021-18268 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.0 TensorFlow version 2.4.2 TensorFlow version 2.3.3 TensorFlow version 2.2.3 TensorFlow version 2.1.4 Description: A malicious user could trigger a division by 0 in the Conv3D implementation. The implementatio...