797 matches found
Stack overflow
TensorFlow is an open source platform for machine learning. ParameterizedTruncatedNormal assumes shape is of type int32. A valid shape of type int64 results in a mismatched type CHECK fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...
GHSA-9V8W-XMR4-WGXP TensorFlow vulnerable to `CHECK` fail in `TensorListFromTensor`
Impact When TensorListFromTensor receives an elementshape of a rank greater than one, it gives a CHECK fail that can trigger a denial of service attack. python import tensorflow as tf arg0=tf.random.uniformshape=6, 6, 2, dtype=tf.bfloat16, maxval=None arg1=tf.random.uniformshape=6, 9, 1, 3,...
GHSA-84JM-4CF3-9JFM TensorFlow vulnerable to `CHECK` failures in `FractionalAvgPoolGrad`
Impact The implementation of FractionalAvgPoolGrad does not fully validate the input originputtensorshape. This results in an overflow that results in a CHECK failure which can be used to trigger a denial of service attack. python import tensorflow as tf overlapping = True originputtensorshape =...
GHSA-WXJJ-CGCX-R3VQ TensorFlow vulnerable to `CHECK` failures in `AvgPool3DGrad`
Impact The implementation of AvgPool3DGradOp does not fully validate the input originputshape. This results in an overflow that results in a CHECK failure which can be used to trigger a denial of service attack: python import tensorflow as tf ksize = 1, 1, 1, 1, 1 strides = 1, 1, 1, 1, 1 padding ...
GHSA-QHW4-WWR7-GJC5 TensorFlow vulnerable to `CHECK` fail in `EmptyTensorList`
Impact If EmptyTensorList receives an input elementshape with more than one dimension, it gives a CHECK fail that can be used to trigger a denial of service attack. python import tensorflow as tf tf.rawops.EmptyTensorListelementshape=tf.onesdtype=tf.int32, shape=1, 0,...
CVE-2022-35987
TensorFlow is an open source platform for machine learning. DenseBincount assumes its input tensor weights to either have the same shape as its input tensor input or to be length-0. A different weights shape will trigger a CHECK fail that can be used to trigger a denial of service attack. We have...
CVE-2022-35968 `CHECK` fail in `AvgPoolGrad` in TensorFlow
TensorFlow is an open source platform for machine learning. The implementation of AvgPoolGrad does not fully validate the input originputshape. This results in a CHECK failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...
CVE-2022-35968
TensorFlow is an open source platform for machine learning. The implementation of AvgPoolGrad does not fully validate the input originputshape. This results in a CHECK failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...
CVE-2022-35963
TensorFlow is an open source platform for machine learning. The implementation of FractionalAvgPoolGrad does not fully validate the input originputtensorshape. This results in an overflow that results in a CHECK failure which can be used to trigger a denial of service attack. We have patched the...
CVE-2022-35959
TensorFlow is an open source platform for machine learning. The implementation of AvgPool3DGradOp does not fully validate the input originputshape. This results in an overflow that results in a CHECK failure which can be used to trigger a denial of service attack. We have patched the issue in...
Google TensorFlow 安全漏洞
Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A denial-of-service vulnerability exists in Google TensorFlow, which originates when EmptyTensorList receives an input elementshape with multiple dimensions and it gives an assertion of failure. An...
Google TensorFlow 安全漏洞
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google, Inc. in the United States. A security vulnerability exists in Google TensorFlow that stems from TensorListScatter and TensorListScatterV2 failing to give an assertion when they receive an elementsha...
Google TensorFlow 安全漏洞
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google, Inc. in the United States. Google TensorFlow suffers from a security vulnerability that stems from an implementation of FractionalAvgPoolGrad that does not fully validate the input...
Google TensorFlow 安全漏洞
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google. A security vulnerability exists in Google TensorFlow, which stems from the fact that when TensorListFromTensor receives an elementshape with a rank greater than 1, it fails to give an assertion, whi...
PT-2022-23062 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier Description: The implementation of FractionalAvgPoolGrad does not fully validate the input...
PT-2022-23085 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.0 through 2.9.0 TensorFlow versions 2.8.0 through 2.8.0 TensorFlow versions 2.7.0 through 2.7.1 Description: The DenseBincount function in TensorFlow assumes its input tensor weights...
PT-2022-23058 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier Description: The implementation of AvgPool3DGradOp does not fully validate the input orig...
PT-2022-23082 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier Description: The issue arises from ParameterizedTruncatedNormal assuming shape is of type...
PT-2022-23067 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier Description: The implementation of AvgPoolGrad does not fully validate the input orig input...
PT-2022-23089 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier Description: TensorFlow is an open source platform for machine learning. When...