Lucene search
K

54 matches found

OSV
OSV
added 2026/07/07 10:17 a.m.4 views

PYSEC-2026-976 TensorFlow vulnerable to `CHECK` fail in `QuantizeAndDequantizeV3`

Impact If QuantizeAndDequantizeV3 is given a nonscalar numbits input tensor, it results in a CHECK fail that can be used to trigger a denial of service attack. python import tensorflow as tf signedinput = True rangegiven = False narrowrange = False axis = -1 input = tf.constant-3.5, shape=1,...

5.9CVSS5.9AI score0.00396EPSS
Exploits0References7
OSV
OSV
added 2026/07/06 8:3 a.m.4 views

PYSEC-2026-1002 Missing validation crashes `QuantizeAndDequantizeV4Grad`

Impact The implementation of tf.rawops.QuantizeAndDequantizeV4Grad does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack: python import tensorflow as tf tf.rawops.QuantizeAndDequantizeV4Grad gradients=tf.constant1,...

5.5CVSS5.9AI score0.0034EPSS
Exploits1References11
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-550 TensorFlow has a heap out-of-buffer read vulnerability in the QuantizeAndDequantize operation

Impact Attackers using Tensorflow can exploit the vulnerability. They can access heap memory which is not in the control of user, leading to a crash or RCE. When axis is larger than the dim of input, c-Diminput,axis goes out of bound. Same problem occurs in the QuantizeAndDequantizeV2/V3/V4/V4Gra...

9.8CVSS6.7AI score0.00831EPSS
Exploits1References6
OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-549 TensorFlow has a heap out-of-buffer read vulnerability in the QuantizeAndDequantize operation

Impact Attackers using Tensorflow can exploit the vulnerability. They can access heap memory which is not in the control of user, leading to a crash or RCE. When axis is larger than the dim of input, c-Diminput,axis goes out of bound. Same problem occurs in the QuantizeAndDequantizeV2/V3/V4/V4Gra...

9.8CVSS6.7AI score0.00831EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/05/22 8:54 p.m.4 views

CVE-2021-37645

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of tf.rawops.QuantizeAndDequantizeV4Grad is vulnerable to an integer overflow issue caused by converting a signed integer value to an unsigned one and then allocating memory based on thi...

5.5CVSS6AI score0.00152EPSS
Exploits0References1
OSV
OSV
added 2023/03/24 9:57 p.m.7 views

GHSA-GW97-FF7C-9V96 TensorFlow has a heap out-of-buffer read vulnerability in the QuantizeAndDequantize operation

Impact Attackers using Tensorflow can exploit the vulnerability. They can access heap memory which is not in the control of user, leading to a crash or RCE. When axis is larger than the dim of input, c-Diminput,axis goes out of bound. Same problem occurs in the QuantizeAndDequantizeV2/V3/V4/V4Gra...

9.8CVSS6.8AI score0.00831EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:43 a.m.6 views

SUSE CVE-2021-29544

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in tf.rawops.QuantizeAndDequantizeV4Grad. This is because the implementation does not validate the rank of the input tensors. In turn, this results in the tensors...

5.5CVSS5.2AI score0.0031EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:43 a.m.10 views

SUSE CVE-2021-29553

TensorFlow is an end-to-end open source platform for machine learning. An attacker can read data outside of bounds of heap allocated buffer in tf.rawops.QuantizeAndDequantizeV3. This is because the...

7.1CVSS7AI score0.00198EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:42 a.m.7 views

SUSE CVE-2021-29610

TensorFlow is an end-to-end open source platform for machine learning. The validation in tf.rawops.QuantizeAndDequantizeV2 allows invalid values for axis argument:. The...

7.8CVSS7.6AI score0.00201EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:26 a.m.4 views

SUSE CVE-2022-29192

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.QuantizeAndDequantizeV4Grad does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service...

5.5CVSS5.3AI score0.0034EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:24 a.m.6 views

SUSE CVE-2022-36026

TensorFlow is an open source platform for machine learning. If QuantizeAndDequantizeV3 is given a nonscalar numbits input tensor, it results in a CHECK fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit f3f9cb38ecfe5a8a703f2c4a8fead434ef291713...

7.5CVSS7.7AI score0.00396EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2022/09/16 10:5 p.m.25 views

CVE-2022-36026

TensorFlow is an open source platform for machine learning. If QuantizeAndDequantizeV3 is given a nonscalar numbits input tensor, it results in a CHECK fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit f3f9cb38ecfe5a8a703f2c4a8fead434ef291713...

7.5CVSS6.8AI score0.00396EPSS
Exploits0
OSV
OSV
added 2022/09/16 9:15 p.m.1 views

GHSA-9CR2-8PWR-FHFQ TensorFlow vulnerable to `CHECK` fail in `QuantizeAndDequantizeV3`

Impact If QuantizeAndDequantizeV3 is given a nonscalar numbits input tensor, it results in a CHECK fail that can be used to trigger a denial of service attack. python import tensorflow as tf signedinput = True rangegiven = False narrowrange = False axis = -1 input = tf.constant-3.5, shape=1,...

5.9CVSS7AI score0.00396EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2022/05/20 8:30 p.m.23 views

CVE-2022-29192

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.QuantizeAndDequantizeV4Grad does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service...

5.5CVSS6.8AI score0.0034EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2022/05/20 12:0 a.m.4 views

PT-2022-19444

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.9.0 TensorFlow versions prior to 2.8.1 TensorFlow versions prior to 2.7.2 TensorFlow versions prior to 2.6.4 Description The implementation of tf.raw ops.QuantizeAndDequantizeV4Grad does not fully validate the...

5.5CVSS6.1AI score0.0034EPSS
Exploits1References18
OSV
OSV
added 2021/11/10 7:4 p.m.12 views

GHSA-49RX-X2RW-PC6F Heap OOB read in all `tf.raw_ops.QuantizeAndDequantizeV*` ops

Impact The shape inference functions for the QuantizeAndDequantizeV operations can trigger a read outside of bounds of heap allocated array as illustrated in the following sets of PoCs: python import tensorflow as tf @tf.function def test: data=tf.rawops.QuantizeAndDequantizeV4Grad...

7.1CVSS6.9AI score0.00148EPSS
Exploits0References7
PyPA
PyPA
added 2021/11/05 9:15 p.m.13 views

PYSEC-2021-813

TensorFlow is an open source platform for machine learning. In affected versions the shape inference functions for the QuantizeAndDequantizeV operations can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit ...

7.1CVSS6.9AI score0.00148EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2021/11/05 9:15 p.m.15 views

PYSEC-2021-398

TensorFlow is an open source platform for machine learning. In affected versions the shape inference functions for the QuantizeAndDequantizeV operations can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit ...

7.1CVSS6.9AI score0.00148EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2021/11/05 9:15 p.m.6 views

PYSEC-2021-398

TensorFlow is an open source platform for machine learning. In affected versions the shape inference functions for the QuantizeAndDequantizeV operations can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit ...

7.1CVSS7AI score0.00148EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2021/11/05 12:0 a.m.10 views

PT-2021-23177 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.7.0 TensorFlow versions 2.6.1 and earlier TensorFlow versions 2.5.2 and earlier TensorFlow versions 2.4.4 and earlier Description: The shape inference functions for the QuantizeAndDequantizeV operations can...

7.1CVSS6.7AI score0.00148EPSS
Exploits0References13
Rows per page
Query Builder