CVE-2021-37676 Reference binding to nullptr in shape inference in TensorFlow

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.SparseFillEmptyRows. The shape inference implementation does not validate that the input arguments are not empt...

CVE-2021-37641

TensorFlow is an end-to-end open source platform for machine learning. In affected versions if the arguments to tf.rawops.RaggedGather don't determine a valid ragged tensor code can trigger a read from outside of bounds of heap allocated buffers. The implementation directly reads the first...

CVE-2021-37655

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a read from outside of bounds of heap allocated data by sending invalid arguments to tf.rawops.ResourceScatterUpdate. The implementation has an incomplete validation of the...

PYSEC-2021-766

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a read from outside of bounds of heap allocated data by sending invalid arguments to tf.rawops.ResourceScatterUpdate. The implementation has an incomplete validation of the...

PYSEC-2021-568

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a read from outside of bounds of heap allocated data by sending invalid arguments to tf.rawops.ResourceScatterUpdate. The implementation has an incomplete validation of the...

PYSEC-2021-766

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a read from outside of bounds of heap allocated data by sending invalid arguments to tf.rawops.ResourceScatterUpdate. The implementation has an incomplete validation of the...

CVE-2021-37655 Heap OOB in `ResourceScatterUpdate` in TensorFlow

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a read from outside of bounds of heap allocated data by sending invalid arguments to tf.rawops.ResourceScatterUpdate. The implementation has an incomplete validation of the...

CVE-2021-37655

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a read from outside of bounds of heap allocated data by sending invalid arguments to tf.rawops.ResourceScatterUpdate. The implementation has an incomplete validation of the...

CVE-2021-37640

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of tf.rawops.SparseReshape can be made to trigger an integral division by 0 exception. The implementation calls the reshaping functor whenever there is at least an index in the input but...

PT-2021-21793 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.6.0 TensorFlow version 2.5.1 TensorFlow version 2.4.3 TensorFlow version 2.3.4 Description: The issue is related to a division by 0 vulnerability in most implementations of convolution operators in TensorFlow,...

PT-2021-21810 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.6.0 TensorFlow versions 2.5.1 and earlier TensorFlow versions 2.4.3 and earlier TensorFlow versions 2.3.4 and earlier Description: TensorFlow is an end-to-end open source platform for machine learning. In affect...

PT-2021-21795 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.6.0 TensorFlow versions 2.5.1 and earlier TensorFlow versions 2.4.3 and earlier TensorFlow versions 2.3.4 and earlier Description: The shape inference code for tf.raw ops.Dequantize has a vulnerability that coul...

PT-2021-21771 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.6.0 TensorFlow versions 2.5.1 and earlier TensorFlow versions 2.4.3 and earlier TensorFlow versions 2.3.4 and earlier Description: An attacker can trigger a read from outside of bounds of heap allocated data by...

Google TensorFlow资源管理错误漏洞

Google TensorFlow is an end-to-end open source machine learning platform. A denial of service vulnerability exists in the Google TensorFlow shape inference function. A local attacker can exploit this vulnerability to cause a denial of service condition...

GHSA-CJC7-49V2-JP64 Incomplete validation in `SparseAdd`

Impact Incomplete validation in SparseAdd results in allowing attackers to exploit undefined behavior dereferencing null pointers as well as write outside of bounds of heap allocated data: python import tensorflow as tf aindices = tf.zeros10, 97, dtype=tf.int64 avalues = tf.zeros10, dtype=tf.int6...

GHSA-XVJM-FVXX-Q3HV CHECK-fail due to integer overflow

Impact An attacker can trigger a denial of service via a CHECK-fail in caused by an integer overflow in constructing a new tensor shape: python import tensorflow as tf inputlayer = 260-1 sparsedata = tf.rawops.SparseSplit splitdim=1, indices=0, 0, 0, 1, 0, 2, 4, 3, 5, 0, 5, 1, values=1.0, 1.0, 1....

GHSA-6F89-8J54-29XF Heap buffer overflow in `FractionalAvgPoolGrad`

Impact The implementation of tf.rawops.FractionalAvgPoolGrad is vulnerable to a heap buffer overflow: python import tensorflow as tf originputtensorshape = tf.constant1, 3, 2, 3, shape=4, dtype=tf.int64 outbackprop = tf.constant2, shape=1, 1, 1, 1, dtype=tf.int64 rowpoolingsequence = tf.constant1...

GHSA-V6R6-84GR-92RM Heap buffer overflow in `AvgPool3DGrad`

Impact The implementation of tf.rawops.AvgPool3DGrad is vulnerable to a heap buffer overflow: python import tensorflow as tf originputshape = tf.constant10, 6, 3, 7, 7, shape=5, dtype=tf.int32 grad = tf.constant0.01, 0, 0, shape=3, 1, 1, 1, 1, dtype=tf.float32 ksize = 1, 1, 1, 1, 1 strides = 1, 1...

Heap buffer overflow in `AvgPool3DGrad`

Impact The implementation of tf.rawops.AvgPool3DGrad is vulnerable to a heap buffer overflow: python import tensorflow as tf originputshape = tf.constant10, 6, 3, 7, 7, shape=5, dtype=tf.int32 grad = tf.constant0.01, 0, 0, shape=3, 1, 1, 1, 1, dtype=tf.float32 ksize = 1, 1, 1, 1, 1 strides = 1, 1...

GHSA-2CPX-427X-Q2C6 CHECK-fail in AddManySparseToTensorsMap

Impact An attacker can trigger a denial of service via a CHECK-fail in tf.rawops.AddManySparseToTensorsMap: python import tensorflow as tf import numpy as np sparseindices = tf.constant530, shape=1, 1, dtype=tf.int64 sparsevalues = tf.ones1, dtype=tf.int64 shape = tf.Variabletf.ones55,...