10 matches found
Overflow in `ImageProjectiveTransformV2`
Impact When tf.rawops.ImageProjectiveTransformV2 is given a large output shape, it overflows. python import tensorflow as tf interpolation = "BILINEAR" fillmode = "REFLECT" images = tf.constant0.184634328, shape=2,5,8,3, dtype=tf.float32 transforms = tf.constant0.378575385, shape=2,8,...
Overflow in `FusedResizeAndPadConv2D`
Impact When tf.rawops.FusedResizeAndPadConv2D is given a large tensor shape, it overflows. python import tensorflow as tf mode = "REFLECT" strides = 1, 1, 1, 1 padding = "SAME" resizealigncorners = False input = tf.constant147, shape=3,3,1,1, dtype=tf.float16 size =...
Segfault and OOB write due to incomplete validation in `EditDistance` in TensorFlow
Impact The implementation of tf.rawops.EditDistance has incomplete validation. Users can pass negative values to cause a segmentation fault based denial of service: python import tensorflow as tf hypothesisindices = tf.constant-1250999896764, shape=3, 3, dtype=tf.int64 hypothesisvalues =...
GHSA-2VV3-56QG-G2CF Missing validation causes denial of service via `LSTMBlockCell`
Impact The implementation of tf.rawops.LSTMBlockCell does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack: python import tensorflow as tf tf.rawops.LSTMBlockCell x=tf.constant0.837607, shape=28,29, dtype=tf.float32,...
Missing validation causes denial of service via `LoadAndRemapMatrix`
Impact The implementation of tf.rawops.LoadAndRemapMatrix does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack: python import tensorflow as tf ckptpath = tf.constant...
Missing validation causes denial of service via `SparseTensorToCSRSparseMatrix`
Impact The implementation of tf.rawops.SparseTensorToCSRSparseMatrix does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack: python import tensorflow as tf indices = tf.constant53, shape=3, dtype=tf.int64 values =...
Missing validation causes denial of service via `Conv3DBackpropFilterV2`
Impact The implementation of tf.rawops.Conv3DBackpropFilterV2 does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack: python import tensorflow as tf tf.rawops.Conv3DBackpropFilterV2 input=tf.constant.5053710941,...
Missing validation causes denial of service via `StagePeek`
Impact The implementation of tf.rawops.StagePeek does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack: python import tensorflow as tf index = tf.constant, shape=0, dtype=tf.int32 tf.rawops.StagePeekindex=index,...
Missing validation causes denial of service via `GetSessionTensor`
Impact The implementation of tf.rawops.GetSessionTensor does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack: python import tensorflow as tf handle = tf.constant"", shape=0, dtype=tf.string...
[Full-disclosure] Serendipity: Account Hijacking / CSRF Vulnerability
=========================================================== Serendipity: Account Hijacking / CSRF Vulnerability =========================================================== Technical University of Vienna Security Advisory TUVSA-0509-001, September 29, 2005...