GHSA-V6H3-348G-6H5X TensorFlow vulnerable to segfault in `QuantizedAdd`

Impact If QuantizedAdd is given mininput or maxinput tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. python import tensorflow as tf Toutput = tf.qint32 x = tf.constant140, shape=1, dtype=tf.quint8 y = tf.constant26, shape=10,...

CVE-2022-35967

TensorFlow is an open source platform for machine learning. If QuantizedAdd is given mininput or maxinput tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 49b3824d83af706df0ad07e4e677d88659756d89...

GHSA-X83M-P7PV-CH8V Division by 0 in `QuantizedAdd`

Impact An attacker can cause a runtime division by zero error and denial of service in tf.rawops.QuantizedAdd: python import tensorflow as tf x = tf.constant68, 228, shape=2, 1, dtype=tf.quint8 y = tf.constant, shape=2, 0, dtype=tf.quint8 minx = tf.constant10.723421015884028 maxx =...

PT-2021-18300 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.0 TensorFlow versions 2.4.1 and earlier TensorFlow versions 2.3.2 and earlier TensorFlow versions 2.2.2 and earlier TensorFlow versions 2.1.3 and earlier Description: An attacker can cause a runtime division b...