Lucene search
+L

262 matches found

Github Security Blog
Github Security Blog
added 2022/02/09 11:28 p.m.26 views

Crash when type cannot be specialized in Tensorflow

Impact Under certain scenarios, TensorFlow can fail to specialize a type during shape inference: cc void InferenceContext::PreInputInit const OpDef& opdef, const std::vector& inputtensors, const std::vector& inputtensorsasshapes const auto ret = fulltype::SpecializeTypeattrs, opdef;...

6.5CVSS1.2AI score0.00992EPSS
Exploits1References7Affected Software3
Github Security Blog
Github Security Blog
added 2022/02/09 6:29 p.m.404 views

Out of bounds read in Tensorflow

Impact The implementation of shape inference for ReverseSequence does not fully validate the value of batchdim and can result in a heap OOB read: python import tensorflow as tf @tf.function def test: y = tf.rawops.ReverseSequence input = 'aaa','bbb', seqlengths = 1,1,1, seqdim = -10, batchdim = -...

8.1CVSS0.8AI score0.01125EPSS
Exploits1References8Affected Software3
OSV
OSV
added 2022/02/09 6:29 p.m.3 views

GHSA-6GMV-PJP9-P8W8 Out of bounds read in Tensorflow

Impact The implementation of shape inference for ReverseSequence does not fully validate the value of batchdim and can result in a heap OOB read: python import tensorflow as tf @tf.function def test: y = tf.rawops.ReverseSequence input = 'aaa','bbb', seqlengths = 1,1,1, seqdim = -10, batchdim = -...

8.1CVSS5.8AI score0.01125EPSS
Exploits1References8
OSV
OSV
added 2022/02/09 6:29 p.m.2 views

GHSA-C6FH-56W7-FVJW Integer overflow in Tensorflow

Impact The implementation of shape inference for Dequantize is vulnerable to an integer overflow weakness: python import tensorflow as tf input = tf.constant1,1,dtype=tf.qint32 @tf.function def test: y = tf.rawops.Dequantize input=input, minrange=1.0, maxrange=10.0, mode='MINCOMBINED',...

7.6CVSS5.9AI score0.00659EPSS
Exploits1References7
CNVD
CNVD
added 2022/02/09 12:0 a.m.21 views

Google Tensorflow code issue vulnerability (CNVD-2022-09885)

Google TensorFlow is an end-to-end open source platform for machine learning from Google USA. Google TensorFlow is vulnerable to a code issue that stems from the fact that TensorFlow may fail to specialize types during shape inference. No detailed vulnerability details are currently available...

6.5CVSS2.4AI score0.00992EPSS
Exploits1References1
OSV
OSV
added 2022/02/07 10:1 p.m.1 views

GHSA-627Q-G293-49Q7 Abort caused by allocating a vector that is too large in Tensorflow

Impact During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user: cc const auto numdims = Valueshapedim; std::vector dims; dims.reservenumdims; Patches We have patched the issue in GitHub commit 1361fb7e29449629e1df94d44e0427ebec8c83c7. T...

6.5CVSS6.6AI score0.00821EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2022/02/07 10:1 p.m.30 views

Abort caused by allocating a vector that is too large in Tensorflow

Impact During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user: cc const auto numdims = Valueshapedim; std::vector dims; dims.reservenumdims; Patches We have patched the issue in GitHub commit 1361fb7e29449629e1df94d44e0427ebec8c83c7. T...

6.5CVSS1.6AI score0.00821EPSS
Exploits1References7Affected Software3
NVD
NVD
added 2022/02/04 11:15 p.m.45 views

CVE-2022-23572

Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a type during shape inference. This case is covered by the DCHECK function however, DCHECK is a no-op in production builds and an assertion failure in debug builds. In the first cas...

6.5CVSS0.00992EPSS
Exploits1References3
NVD
NVD
added 2022/02/04 11:15 p.m.58 views

CVE-2022-23580

Tensorflow is an Open Source Machine Learning Framework. During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, a...

6.5CVSS0.00821EPSS
Exploits1References3
Prion
Prion
added 2022/02/04 11:15 p.m.19 views

Stack overflow

Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a type during shape inference. This case is covered by the DCHECK function however, DCHECK is a no-op in production builds and an assertion failure in debug builds. In the first cas...

4CVSS6.6AI score0.00992EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2022/02/04 11:15 p.m.15 views

Stack overflow

Tensorflow is an Open Source Machine Learning Framework. During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, a...

5CVSS6.6AI score0.00821EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2022/02/04 11:15 p.m.9 views

PYSEC-2022-136

Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a type during shape inference. This case is covered by the DCHECK function however, DCHECK is a no-op in production builds and an assertion failure in debug builds. In the first cas...

6.5CVSS6.8AI score0.00992EPSS
Exploits1References3
PyPA
PyPA
added 2022/02/04 11:15 p.m.8 views

PYSEC-2022-144

Tensorflow is an Open Source Machine Learning Framework. During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, a...

6.5CVSS7AI score0.00821EPSS
Exploits1References3Affected Software1
PyPA
PyPA
added 2022/02/04 11:15 p.m.8 views

PYSEC-2022-89

Tensorflow is an Open Source Machine Learning Framework. During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, a...

6.5CVSS7AI score0.00821EPSS
Exploits1References3Affected Software1
PyPA
PyPA
added 2022/02/04 11:15 p.m.8 views

PYSEC-2022-81

Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a type during shape inference. This case is covered by the DCHECK function however, DCHECK is a no-op in production builds and an assertion failure in debug builds. In the first cas...

6.5CVSS7AI score0.00992EPSS
Exploits1References3Affected Software1
PyPA
PyPA
added 2022/02/04 11:15 p.m.7 views

PYSEC-2022-136

Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a type during shape inference. This case is covered by the DCHECK function however, DCHECK is a no-op in production builds and an assertion failure in debug builds. In the first cas...

6.5CVSS7AI score0.00992EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2022/02/04 11:15 p.m.5 views

PYSEC-2022-144

Tensorflow is an Open Source Machine Learning Framework. During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, a...

6.5CVSS6.6AI score0.00821EPSS
Exploits1References3
Cvelist
Cvelist
added 2022/02/04 10:32 p.m.45 views

CVE-2022-23572 Crash when type cannot be specialized in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a type during shape inference. This case is covered by the DCHECK function however, DCHECK is a no-op in production builds and an assertion failure in debug builds. In the first cas...

6.5CVSS6.7AI score0.00992EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2022/02/04 10:32 p.m.6 views

CVE-2022-23572

Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a type during shape inference. This case is covered by the DCHECK function however, DCHECK is a no-op in production builds and an assertion failure in debug builds. In the first cas...

6.5CVSS7.1AI score0.00992EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2022/02/04 10:32 p.m.7 views

CVE-2022-23572 Crash when type cannot be specialized in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a type during shape inference. This case is covered by the DCHECK function however, DCHECK is a no-op in production builds and an assertion failure in debug builds. In the first cas...

6.5CVSS6.5AI score0.00992EPSS
Exploits1References3
Rows per page
Query Builder