Lucene search
+L

165 matches found

OSV
OSV
added 2021/05/21 2:28 p.m.15 views

GHSA-9RPC-5V9Q-5R7F Incomplete validation in `SparseReshape`

Impact Incomplete validation in SparseReshape results in a denial of service based on a CHECK-failure. python import tensorflow as tf inputindices = tf.constant41, shape=1, 1, dtype=tf.int64 inputshape = tf.zeros11, dtype=tf.int64 newshape = tf.zeros1, dtype=tf.int64...

3.6CVSS5.8AI score0.00202EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2021/05/21 2:26 p.m.47 views

Null pointer dereference in TFLite's `Reshape` operator

Impact The fix for CVE-2020-15209 missed the case when the target shape of Reshape operator is given by the elements of a 1-D tensor. As such, the fix for the vulnerability allowed passing a null-buffer-backed tensor with a 1D shape: cc if tensor-data.raw == nullptr && tensor-bytes 0 if...

7.8CVSS0.6AI score0.008EPSS
Exploits2References8Affected Software3
OSV
OSV
added 2021/05/21 2:26 p.m.1 views

GHSA-JJR8-M8G8-P6WV Null pointer dereference in TFLite's `Reshape` operator

Impact The fix for CVE-2020-15209 missed the case when the target shape of Reshape operator is given by the elements of a 1-D tensor. As such, the fix for the vulnerability allowed passing a null-buffer-backed tensor with a 1D shape: cc if tensor-data.raw == nullptr && tensor-bytes 0 if...

4.8CVSS6.8AI score0.00215EPSS
Exploits1References8
OSV
OSV
added 2021/05/21 2:22 p.m.5 views

GHSA-2GFX-95X2-5V3X Heap buffer overflow in `QuantizedReshape`

Impact An attacker can cause a heap buffer overflow in QuantizedReshape by passing in invalid thresholds for the quantization: python import tensorflow as tf tensor = tf.constant, dtype=tf.qint32 shape = tf.constant, dtype=tf.int32 inputmin = tf.constant, dtype=tf.float32 inputmax = tf.constant,...

2.5CVSS6AI score0.00211EPSS
Exploits1References7
Veracode
Veracode
added 2021/05/17 7:4 a.m.16 views

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service. A null pointer dereference in TFLite's Reshape operator allows an attacker to crash the application...

7.8CVSS3.6AI score0.00215EPSS
Exploits1References2Affected Software3
CNVD
CNVD
added 2021/05/17 12:0 a.m.6 views

Google TensorFlow null pointer dereference vulnerability (CNVD-2021-36337)

Google TensorFlow is an end-to-end open source machine learning platform. A null pointer dereference vulnerability exists in the Reshape operator in Google TensorFlow. No details of the vulnerability are provided at this time...

7.8CVSS6.5AI score0.00215EPSS
Exploits1References1
PyPA
PyPA
added 2021/05/14 8:15 p.m.7 views

PYSEC-2021-464

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in QuantizedReshape by passing in invalid thresholds for the quantization. This is because the...

7.8CVSS7.4AI score0.00211EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.7 views

PYSEC-2021-229

TensorFlow is an end-to-end open source platform for machine learning. The fix for CVE-2020-15209https://vulners.com/cve/CVE-2020-15209 missed the case when the target shape of Reshape operator is given by the elements of a 1-D tensor. As such, the fix for the...

7.8CVSS6.9AI score0.008EPSS
Exploits2References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.6 views

PYSEC-2021-718

TensorFlow is an end-to-end open source platform for machine learning. The fix for CVE-2020-15209https://vulners.com/cve/CVE-2020-15209 missed the case when the target shape of Reshape operator is given by the elements of a 1-D tensor. As such, the fix for the...

7.8CVSS6.9AI score0.008EPSS
Exploits2References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.5 views

PYSEC-2021-737

TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in SparseReshape results in a denial of service based on a CHECK-failure. The...

5.5CVSS6.9AI score0.00202EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2021/05/14 8:15 p.m.22 views

PYSEC-2021-520

TensorFlow is an end-to-end open source platform for machine learning. The fix for CVE-2020-15209https://vulners.com/cve/CVE-2020-15209 missed the case when the target shape of Reshape operator is given by the elements of a 1-D tensor. As such, the fix for the...

7.8CVSS6.5AI score0.00215EPSS
Exploits1References2
OSV
OSV
added 2021/05/14 8:15 p.m.4 views

PYSEC-2021-718

TensorFlow is an end-to-end open source platform for machine learning. The fix for CVE-2020-15209https://vulners.com/cve/CVE-2020-15209 missed the case when the target shape of Reshape operator is given by the elements of a 1-D tensor. As such, the fix for the...

7.8CVSS5.9AI score0.00215EPSS
Exploits1References2
Prion
Prion
added 2021/05/14 8:15 p.m.17 views

Null pointer dereference

TensorFlow is an end-to-end open source platform for machine learning. The fix for CVE-2020-15209https://vulners.com/cve/CVE-2020-15209 missed the case when the target shape of Reshape operator is given by the elements of a 1-D tensor. As such, the fix for the...

4.6CVSS5.8AI score0.008EPSS
Exploits2References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.7 views

PYSEC-2021-520

TensorFlow is an end-to-end open source platform for machine learning. The fix for CVE-2020-15209https://vulners.com/cve/CVE-2020-15209 missed the case when the target shape of Reshape operator is given by the elements of a 1-D tensor. As such, the fix for the...

7.8CVSS6.9AI score0.008EPSS
Exploits2References2Affected Software1
OSV
OSV
added 2021/05/14 8:15 p.m.10 views

PYSEC-2021-229

TensorFlow is an end-to-end open source platform for machine learning. The fix for CVE-2020-15209https://vulners.com/cve/CVE-2020-15209 missed the case when the target shape of Reshape operator is given by the elements of a 1-D tensor. As such, the fix for the...

7.8CVSS6.8AI score0.00215EPSS
Exploits1References2
OSV
OSV
added 2021/05/14 8:15 p.m.3 views

PYSEC-2021-662

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in QuantizedReshape by passing in invalid thresholds for the quantization. This is because the...

7.8CVSS6.3AI score0.00211EPSS
Exploits1References2
OSV
OSV
added 2021/05/14 8:15 p.m.6 views

PYSEC-2021-248

TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in SparseReshape results in a denial of service based on a CHECK-failure. The...

5.5CVSS6.1AI score0.00202EPSS
Exploits1References2
OSV
OSV
added 2021/05/14 8:15 p.m.5 views

PYSEC-2021-737

TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in SparseReshape results in a denial of service based on a CHECK-failure. The...

5.5CVSS6.1AI score0.00202EPSS
Exploits1References2
Cvelist
Cvelist
added 2021/05/14 7:22 p.m.27 views

CVE-2021-29592 Null pointer dereference in TFLite's `Reshape` operator

TensorFlow is an end-to-end open source platform for machine learning. The fix for CVE-2020-15209https://vulners.com/cve/CVE-2020-15209 missed the case when the target shape of Reshape operator is given by the elements of a 1-D tensor. As such, the fix for the...

4.4CVSS6.9AI score0.00215EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2021/05/14 7:22 p.m.5 views

CVE-2021-29592

TensorFlow is an end-to-end open source platform for machine learning. The fix for CVE-2020-15209https://vulners.com/cve/CVE-2020-15209 missed the case when the target shape of Reshape operator is given by the elements of a 1-D tensor. As such, the fix for the...

7.8CVSS7AI score0.00215EPSS
Exploits1
Rows per page
Query Builder