4 matches found
TensorFlow vulnerable to `CHECK` fail in `MaxPool`
Impact When MaxPool receives a window size input array ksize with dimensions greater than its input tensor input, the GPU kernel gives a CHECK fail that can be used to trigger a denial of service attack. python import tensorflow as tf import numpy as np input = np.ones1, 1, 1, 1 ksize = 1, 1, 2, ...
TensorFlow vulnerable to Int overflow in `RaggedRangeOp`
Impact The RaggedRangOp function takes an argument limits that is eventually used to construct a TensorShape as an int64. If limits is a very large float, it can overflow when converted to an int64. This triggers an InvalidArgument but also throws an abort signal that crashes the program. python...
TensorFlow vulnerable to floating point exception in `Conv2D`
Impact If Conv2D is given empty input and the filter and padding sizes are valid, the output is all-zeros. This causes division-by-zero floating point exceptions that can be used to trigger a denial of service attack. python import tensorflow as tf import numpy as np with tf.device"CPU": also can...
TensorFlow vulnerable to `CHECK` failure in `AvgPoolOp`
Impact The AvgPoolOp function takes an argument ksize that must be positive but is not checked. A negative ksize can trigger a CHECK failure and crash the program. python import tensorflow as tf import numpy as np value = np.ones1, 1, 1, 1 ksize = 1, 1e20, 1, 1 strides = 1, 1, 1, 1 padding = 'SAM...