TensorFlow vulnerable to seg fault in `tf.raw_ops.Print`

...

SUSE CVE-2022-29208

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.EditDistance has incomplete validation. Users can pass negative values to cause a segmentation fault based denial of service. In multiple places throughout...

Google TensorFlow Input Validation Error Vulnerability (CNVD-2023-15778)

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. An input validation error vulnerability exists in Google TensorFlow, which stems from the fact that input encoded to an invalid CompositeTensorVariant tensor will trigger a segment error in tf...

GHSA-36VM-XW34-X4PJ CHECK-fail in `tf.raw_ops.IRFFT`

Impact An attacker can cause a denial of service by exploiting a CHECK-failure coming from the implementation of tf.rawops.IRFFT: python import tensorflow as tf values = -10.0 130 values0 = -9.999999999999995 inputs = tf.constantvalues, shape=10, 13, dtype=tf.float32 inputs = tf.castinputs,...

GHSA-C968-PQ7H-7FXV Division by 0 in `Conv3DBackprop*`

Impact The tf.rawops.Conv3DBackprop operations fail to validate that the input tensors are not empty. In turn, this would result in a division by 0: python import tensorflow as tf inputsizes = tf.constant0, 0, 0, 0, 0, shape=5, dtype=tf.int32 filtertensor = tf.constant, shape=0, 0, 0, 1, 0,...

Code injection

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a runtime division by zero error and denial of service in tf.rawops.FractionalAvgPool. This is because the...

PYSEC-2021-688

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service by exploiting a CHECK-failure coming from the implementation of tf.rawops.IRFFT. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2,...

CVE-2021-29556

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a FPE runtime error in tf.rawops.Reverse. This is because the...

Google TensorFlow 安全漏洞

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A security vulnerability exists in TensorFlow 2.4.2,2.3.3,2.2.3, 2.1.4, which can be exploited by an attacker to trigger a heap buffer overflow in tf.rawops.QuantizedResizeBilinear...

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service DoS. The vulnerability exists when the eager runtime traverses all tensors in the output, and a tensor could be a null pointer when it is processed from tf.rawops.Switch...