CVE-2021-33650

When performing the inference shape operation of the SparseToDense operator, if the number of inputs is less than three, it will access data outside of bounds of inputs which allocated from heap buffers...

CVE-2021-33649

When performing the inference shape operation of the Transpose operator, if the value in the perm element is greater than or equal to the size of the inputshape, it will access data outside of bounds of inputshape which allocated from heap buffers...

CVE-2021-33649

The CVE-2021-33649 issue affects Huawei MindSpore Community’s Transpose operator. When performing the inference shape operation, if the perm element value is greater than or equal to the input_shape size, the implementation may access data outside the heap-allocated input_shape buffers, potential...

CVE-2021-33647

Huawei MindSpore Community Tile’s Tile operator may disclose sensitive data when performing the inference shape operation if the input data type is not int or int32, due to out-of-bounds access of heap buffers. Affected: MindSpore Community Tile (Tile operator). Root cause: type check bypass lead...

CVE-2021-33648

CVE-2021-33648 affects Huawei MindSpore Community’s shape-inference logic for operators including Affine , Concat , MatMul , ArgMinMax , EmbeddingLookup , and Gather . When the input shape size is 0, the code may access data outside of the heap-allocated shape, causing an information-disclosure-t...

CVE-2021-33648

When performing the inference shape operation of Affine, Concat, MatMul, ArgMinMax, EmbeddingLookup, and Gather operators, if the input shape size is 0, it will access data outside of bounds of shape which allocated from heap buffers...

Huawei MindSpore Community数字错误漏洞

Huawei MindSpore Community is an open source deep learning framework from Huawei, China. A security vulnerability exists in Huawei MindSpore Community versions prior to 1.3.0, which stems from a divide-by-0 exception when performing the derived shape operation of the SpaceToBatch operator if the...

Huawei MindSpore Community 缓冲区错误漏洞

Huawei MindSpore Community, an open source deep learning framework from Huawei, China, is vulnerable to an information disclosure vulnerability in Huawei MindSpore Community Transpose, which results from accessing sensitive data when the value in the perm element is greater than or equal to the...

Huawei MindSpore Community 缓冲区错误漏洞

Huawei MindSpore Community is an open source deep learning framework from Huawei, China. Huawei MindSpore Community suffers from an information disclosure vulnerability that stems from accessing a shape allocated from the heap buffer if the input shape size is 0 when performing inferred shape...

ALPINE-CVE-2022-33068

An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service DoS via unspecified vectors...

Integer overflow

An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service DoS via unspecified vectors...

UBUNTU-CVE-2022-33068

An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service DoS via unspecified vectors...

CVE-2022-33068

An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service DoS via unspecified vectors...

HarfBuzz 输入验证错误漏洞

HarfBuzz is a text engine for OpenType fonts. HarfBuzz v4.3.0 is vulnerable to a denial of service vulnerability caused by an integer overflow in the hb-ot-shape-fallback.cc component, which can be exploited to cause a denial of service DoS via an unspecified vector...

GHSA-MG66-QVC5-RM93 Missing validation causes denial of service via `SparseTensorToCSRSparseMatrix`

Impact The implementation of tf.rawops.SparseTensorToCSRSparseMatrix does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack: python import tensorflow as tf indices = tf.constant53, shape=3, dtype=tf.int64 values =...

Google TensorFlow buffer overflow vulnerability (CNVD-2022-11507)

Google TensorFlow is an end-to-end open source platform for machine learning from Google Google. Google Tensorflow has a buffer overflow vulnerability, which stems from the implementation of ReverseSequence's shape inference does not fully validate the value of batch dim, and an attacker can...

Type confusion leading to segfault in Tensorflow

Impact The implementation of shape inference for ConcatV2 can be used to trigger a denial of service attack via a segfault caused by a type confusion: python import tensorflow as tf @tf.function def test: y = tf.rawops.ConcatV2 values=1,2,3,4,5,6, axis = 0xb500005b return y test The axis argument...

GHSA-M4HF-J54P-P353 Type confusion leading to segfault in Tensorflow

Impact The implementation of shape inference for ConcatV2 can be used to trigger a denial of service attack via a segfault caused by a type confusion: python import tensorflow as tf @tf.function def test: y = tf.rawops.ConcatV2 values=1,2,3,4,5,6, axis = 0xb500005b return y test The axis argument...

GHSA-5QW5-89MW-WCG2 Out of bounds write in Tensorflow

Impact TensorFlow is vulnerable to a heap OOB write in Grappler: cc Status SetUnknownShapeconst NodeDef node, int outputport shapeinference::ShapeHandle shape = GetUnknownOutputShapenode, outputport; InferenceContext ctx = GetContextnode; if ctx == nullptr return errors::InvalidArgument"Missing...

GHSA-RRX2-R989-2C43 Integer overflows in Tensorflow

Impact The implementations of SparseCwise ops are vulnerable to integer overflows. These can be used to trigger large allocations so, OOM based denial of service or CHECK-fails when building new TensorShape objects so, assert failures based denial of service: python import tensorflow as tf import...