Design/Logic Flaw
A missing nullptr-check in handle_ra_input can cause a nullptr-deref...
CVE-2023-0359 ipv6: Missing ipv6 nullptr-check in handle_ra_input
A missing nullptr-check in handle_ra_input can cause a nullptr-deref...
CVE-2023-0359
CVE-2023-0359 concerns Zephyr RTOS: a missing nullptr-check in the handle_ra_input function can lead to a NULL dereference. The public description states this is the core issue; CVSS metrics from NVD indicate a base score of 7.5 (HIGH) with network attack vector and no user interaction, and the i...
CVE-2023-0359 ipv6: Missing ipv6 nullptr-check in handle_ra_input
A missing nullptr-check in handle_ra_input can cause a nullptr-deref...
Stack overflow
TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, tf.raw_ops.ParallelConcat segfaults with a nullptr dereference when given a parameter shape with rank that is not greater than zero. A fix is available in TensorFlow 2.12.0 and 2.11.1...
CVE-2023-25660
CVE-2023-25660 affects TensorFlow where the parameter summarize of tf.raw_ops.Print, when zero, makes SummarizeArray reference a nullptr, causing a segfault. Affected versions are prior to 2.12.0 and 2.11.1. The issue is triggered by an out-of-bounds-like condition in a debug/print path and is mi...
Amazon Linux 2023 : protobuf, protobuf-compiler, protobuf-devel (ALAS2023-2023-009)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-009 advisory. A flaw was found in protobuf. The vulnerability occurs due to incorrect parsing of a NULL character in the proto symbol and leads to a Null pointer dereference. This flaw allows an attacker to execute...
Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 16.1.9 (protobuf) security update
An update for protobuf is now available for Red Hat OpenStack Platform 16.1.9 Train for Red Hat Enterprise Linux (RHEL) 8.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2.4 (protobuf) security update
An update for protobuf is now available for Red Hat OpenStack Platform 16.2.4 Train. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Google TensorFlow code issue vulnerability (CNVD-2022-80679)
Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A code issue vulnerability exists in Google TensorFlow, which results from pywrap code failing to parse a tensor and returning an uncaught "nullptr" if a list of quantified tensors is assigned to an...
Oracle Linux 9 : protobuf (ELSA-2022-7970)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-7970 advisory. 3.14.0-13 - Rebuilt for test fixes 3.14.0-12 - Rebuilt for test fixes 3.14.0-11 - Applied patch for CVE-2021-22570 2055641 Tenable has extracted the precedi...
Segfault via invalid attributes in `pywrap_tfe_src.cc`
Impact: If a list of quantized tensors is assigned to an attribute, the pywrap code fails to parse the tensor and returns a nullptr, which is not caught. An example can be seen in tf.compat.v1.extract_volume_patches by passing in quantized tensors as input ksizes. python import numpy as np import...
AlmaLinux 9 : protobuf (ALSA-2022:7970)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:7970 advisory. - Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name duri...
CVE-2022-41889
TensorFlow is an open source platform for machine learning. If a list of quantized tensors is assigned to an attribute, the pywrap code fails to parse the tensor and returns a nullptr, which is not caught. An example can be seen in tf.compat.v1.extract_volume_patches by passing in quantized tensors...
AZL-11528 CVE-2022-41889 affecting package tensorflow for versions less than 2.11.0-1
TensorFlow is an open source platform for machine learning. If a list of quantized tensors is assigned to an attribute, the pywrap code fails to parse the tensor and returns a nullptr, which is not caught. An example can be seen in tf.compat.v1.extract_volume_patches by passing in quantized tensors...
CVE-2022-41889 Segfault via invalid attributes in `pywrap_tfe_src.cc` in Tensorflow
TensorFlow is an open source platform for machine learning. If a list of quantized tensors is assigned to an attribute, the pywrap code fails to parse the tensor and returns a nullptr, which is not caught. An example can be seen in tf.compat.v1.extract_volume_patches by passing in quantized tensors...
protobuf security update
An update is available for protobuf. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The protobuf packages provide Protocol Buffers, Google's data interchange...
Moderate: protobuf security update
The protobuf packages provide Protocol Buffers, Google's data interchange format. Protocol Buffers can encode structured data in an efficient yet extensible format, and provide a flexible, efficient, and automated mechanism for serializing structured data. Security Fixes: protobuf: Incorrect...
Oracle Linux 8 : protobuf (ELSA-2022-7464)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-7464 advisory. 3.5.0-15 - Applied patch for CVE-2021-22570 2050494 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory...
AlmaLinux 8 : protobuf (ALSA-2022:7464)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:7464 advisory. - Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name duri...