797 matches found
Stack overflow
TensorFlow is an open source platform for machine learning. An input sparsematrix that is not a matrix with a shape with rank 0 will trigger a CHECK fail in tf.rawops.SparseMatrixNNZ. We have patched the issue in GitHub commit f856d02e5322821aad155dad9b3acab1e9f5d693. The fix will be included in...
PT-2022-26121 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.11 TensorFlow versions 2.10.1, 2.9.3, and 2.8.4 Description: The issue arises when BCast::ToShape is given input larger than an int32, causing it to crash despite being supposed to handle up to an int64. An...
CVE-2022-41901
CVE-2022-41901 affects TensorFlow. The issue is a CHECK fail in tf.raw_ops.SparseMatrixNNZ triggered when input tensor is not a rank-0 matrix, which can cause a crash (denial of service). Fixed in GitHub commit f856d02e5322821aad155dad9b3acab1e9f5d693; the fix will be included in TensorFlow 2.11 ...
CVE-2022-41891
TensorFlow is an open source platform for machine learning. If tf.rawops.TensorListConcat is given elementshape=, it results segmentation fault which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit fc33f3dc4c14051a83eec6535b608abe1d355fde. The fix wil...
Google TensorFlow 安全漏洞
Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A denial of service vulnerability exists in Google TensorFlow versions prior to 2.8.4, 2.9.0 and later, 2.9.3 and later, 2.10.0 and later, and 2.10.1. TensorListConcat" is given "elementshape=", resulti...
PT-2022-26115 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.11 TensorFlow version 2.10.1 TensorFlow version 2.9.3 TensorFlow version 2.8.4 Description: The issue arises when a numpy array is created with a shape such that one element is zero and the others sum to a large...
CVE-2022-41885 Overflow in `FusedResizeAndPadConv2D` in Tensorflow
TensorFlow is an open source platform for machine learning. When tf.rawops.FusedResizeAndPadConv2D is given a large tensor shape, it overflows. We have patched the issue in GitHub commit d66e1d568275e6a2947de97dca7a102a211e01ce. The fix will be included in TensorFlow 2.11. We will also cherrypick...
CVE-2022-41890
TensorFlow is an open source platform for machine learning. If BCast::ToShape is given input larger than an int32, it will crash, despite being supposed to handle up to an int64. An example can be seen in tf.experimental.numpy.outer by passing in large input to the input b. We have patched the...
UBUNTU-CVE-2022-45406
If an out-of-memory condition occurred when creating a JavaScript global, a JavaScript realm may be deleted while references to it lived on in a BaseShape. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR 102.5, Thunderbird 102.5,...
harfbuzz: integer overflow in the component hb-ot-shape-fallback.cc
A vulnerability found in harfbuzz. An integer overflow in the hb-ot-shape-fallback.cc component allows attackers to cause a denial of service DoS via unspecified vectors...
harfbuzz: integer overflow in the component hb-ot-shape-fallback.cc
A vulnerability found in harfbuzz. An integer overflow in the hb-ot-shape-fallback.cc component allows attackers to cause a denial of service DoS via unspecified vectors...
harfbuzz: integer overflow in the component hb-ot-shape-fallback.cc
A vulnerability found in harfbuzz. An integer overflow in the hb-ot-shape-fallback.cc component allows attackers to cause a denial of service DoS via unspecified vectors...
harfbuzz: integer overflow in the component hb-ot-shape-fallback.cc
A vulnerability found in harfbuzz. An integer overflow in the hb-ot-shape-fallback.cc component allows attackers to cause a denial of service DoS via unspecified vectors...
harfbuzz: integer overflow in the component hb-ot-shape-fallback.cc
A vulnerability found in harfbuzz. An integer overflow in the hb-ot-shape-fallback.cc component allows attackers to cause a denial of service DoS via unspecified vectors...
Drawing a star with DOMMatrix
I recently recorded an episode of HTTP 203 on DOMPoint and DOMMatrix. If you'd rather watch the video version, here it is, but come back here for some bonus details on a silly mistake I made, which I almost got away with. DOMMatrix lets you apply transformations to DOMPoints. I find these APIs...
Denial Of Service (DoS)
tensorflow is vulnerable to denial of service. The vulnerability exists in TensorShapeFromTensor in listkernels.cc because the given element shape is not properly validated which allows an attacker to send element shape with more than one dimension causing an application crash...
CVE-2022-35992
TensorFlow is an open source platform for machine learning. When TensorListFromTensor receives an elementshape of a rank greater than one, it gives a CHECK fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 3db59a042a38f4338aa207922fa2f476e000a6ee. The fi...
GHSA-2475-53VW-VP25 TensorFlow vulnerable to `CHECK` fail in `AvgPoolGrad`
Impact The implementation of AvgPoolGrad does not fully validate the input originputshape. This results in a CHECK failure which can be used to trigger a denial of service attack: python import tensorflow as tf ksize = 1, 2, 2, 1 strides = 1, 2, 2, 1 padding = "VALID" dataformat = "NHWC"...
TensorFlow vulnerable to `CHECK` fail in `TensorListScatter` and `TensorListScatterV2`
Impact When TensorListScatter and TensorListScatterV2 receive an elementshape of a rank greater than one, they give a CHECK fail that can trigger a denial of service attack. python import tensorflow as tf arg0=tf.random.uniformshape=2, 2, 2, dtype=tf.float16, maxval=None...
GHSA-VM7X-4QHJ-RRCQ TensorFlow vulnerable to `CHECK` fail in `TensorListScatter` and `TensorListScatterV2`
Impact When TensorListScatter and TensorListScatterV2 receive an elementshape of a rank greater than one, they give a CHECK fail that can trigger a denial of service attack. python import tensorflow as tf arg0=tf.random.uniformshape=2, 2, 2, dtype=tf.float16, maxval=None...