BIT-TENSORFLOW-2021-37670 Heap OOB in `UpperBound` and `LowerBound` in TensorFlow

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to tf.rawops.UpperBound. The implementation does not validate the rank of sortedinput...

GHSA-RMG2-F698-WQ35 `tf.raw_ops.Mfcc` crashes

Impact If ThreadUnsafeUnigramCandidateSampler is given input filterbankchannelcount greater than the allowed max size, TensorFlow will crash. python import tensorflow as tf tf.rawops.Mfcc spectrogram = 1.38, 6.32, 5.75, 9.51, samplerate = 2, upperfrequencylimit = 5.0, lowerfrequencylimit = 1.0,...

Google TensorFlow 安全漏洞

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. Google TensorFlow versions prior to 2.9.0, 2.8.1, 2.7.2, and 2.6.4 are vulnerable to a code issue stemming from tf.rawops. QuantizedConv2D does not fully validate input parameters. No detailed...

Google TensorFlow代码问题漏洞

Google TensorFlow, an end-to-end open source platform for machine learning from Google, Inc. is vulnerable to a code issue in versions prior to 2.9.0, 2.8.1, 2.7.2, and 2.6.4, which stems from tf.rawops. SparseTensorDenseAdd has incomplete validation for the input parameters. No detailed...

Google TensorFlow 输入验证错误漏洞

Google TensorFlow, an end-to-end open source platform for machine learning from Google, Inc. is vulnerable in versions prior to 2.9.0, 2.8.1, 2.7.2, and 2.6.4 due to a vulnerability in tf.rawops. UnsortedSegmentJoin has incomplete validation of the input parameters. An attacker could use this...

Atomix has unspecified vulnerabilities

Atomix is a fault-tolerant distributed orchestration framework for JAVA 8. An unspecified vulnerability exists in Atomix version 3.1.5. The vulnerability allows malicious Atomix nodes to remove state from ONOS storage by abusing raw operations. No details of the vulnerability are currently...

Atomix 安全漏洞

Atomix is a fault-tolerant distributed orchestration framework for JAVA 8. An unspecified vulnerability exists in Atomix version 3.1.5. The vulnerability allows malicious Atomix nodes to remove state from ONOS storage by abusing raw operations. No details of the vulnerability are currently...

PT-2021-23183 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.7.0 TensorFlow versions 2.6.1 and earlier TensorFlow versions 2.5.2 and earlier TensorFlow versions 2.4.4 and earlier Description: The shape inference functions for SparseCountSparseOutput can trigger a read...

Google TensorFlow 缓冲区错误漏洞

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A buffer overflow vulnerability exists in Google TensorFlow, which stems from the fact that in affected versions, an attacker could exploit the vulnerability by sending an invalid argument to tf.rawops...

GHSA-772J-H9XW-FFP5 CHECK-fail in SparseCross due to type confusion

Impact The API of tf.rawops.SparseCross allows combinations which would result in a CHECK-failure and denial of service: python import tensorflow as tf hashedoutput = False numbuckets = 1949315406 hashkey = 1869835877 outtype = tf.string internaltype = tf.string indices1 = tf.constant0, 6, shape=...

PYSEC-2021-454

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in tf.rawops.Conv2D. This is because the implementationhttps://github.com/tensorflow/tensorflow/blob/988087bd83f144af14087fe4fecee2d250d93737/tensorflow/core/kernels/convops.ccL261-L263...

PYSEC-2021-644

TensorFlow is an end-to-end open source platform for machine learning. In eager mode default in TF 2.0 and later, session operations are invalid. However, users could still call the raw ops associated with them and trigger a null pointer dereference. The...

PYSEC-2021-681

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a FPE runtime error in tf.rawops.FusedBatchNorm. This is because the...

PYSEC-2021-689

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service by exploiting a CHECK-failure coming from the implementation of tf.rawops.RFFT. Eigen code operating on an empty matrix can trigger on an assertion and will cause program termination...

PYSEC-2021-155

TensorFlow is an end-to-end open source platform for machine learning. In eager mode default in TF 2.0 and later, session operations are invalid. However, users could still call the raw ops associated with them and trigger a null pointer dereference. The...

PYSEC-2021-689

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service by exploiting a CHECK-failure coming from the implementation of tf.rawops.RFFT. Eigen code operating on an empty matrix can trigger on an assertion and will cause program termination...

Google TensorFlow 代码问题漏洞

Google TensorFlow is an end-to-end open source machine learning platform. A security vulnerability exists in Google TensorFlow StringNGrams. An attacker can exploit the vulnerability to trigger a dereference to a null pointer in "tf.raw\u ops.stringrams"...

PT-2021-18269 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.0 TensorFlow versions 2.4.2 and earlier TensorFlow versions 2.3.3 and earlier TensorFlow versions 2.2.3 and earlier TensorFlow versions 2.1.4 and earlier Description: The issue arises in eager mode, where...

Google TensorFlow 代码问题漏洞

Google TensorFlow is an end-to-end open source machine learning platform. A security vulnerability exists in Google TensorFlow EditDistance. An attacker can exploit the vulnerability to trigger a null pointer dereference when implementing 'tf.rawuops.EditDistance...