720 matches found
GHSA-C3M3-C39Q-PV23 Out of bounds write in slice-deque
Affected versions of this crate entered a corrupted state if mem::sizeof:: % allocationgranularity != 0 and a specific allocation pattern was used: sufficiently shifting the deque elements over the mirrored page boundary. This allows an attacker that controls controls both element insertion and...
Memory corruption slice-deque
Affected versions of this crate did not properly update the head and tail of the deque when inserting and removing elements from the front if, before insertion or removal, the tail of the deque was in the mirrored memory region, and if, after insertion or removal, the head of the deque is exactly...
GHSA-HR3C-6MMP-6M39 Memory corruption slice-deque
Affected versions of this crate did not properly update the head and tail of the deque when inserting and removing elements from the front if, before insertion or removal, the tail of the deque was in the mirrored memory region, and if, after insertion or removal, the head of the deque is exactly...
GHSA-GH6X-4WHR-2QV4 Null pointer dereference and heap OOB read in operations restoring tensors
Impact When restoring tensors via raw APIs, if the tensor name is not provided, TensorFlow can be tricked into dereferencing a null pointer: python import tensorflow as tf tf.rawops.Restore filepattern='/tmp', tensorname=, defaultvalue=21, dt=tf.int, preferredshard=1 The same undefined behavior c...
Infinite loop in TFLite
Impact The strided slice implementation in TFLite has a logic bug which can allow an attacker to trigger an infinite loop. This arises from newly introduced support for ellipsis in axis definition: cc for int i = 0; i params-ellipsismask // ... int ellipsisendidx = std::mini + 1 + numaddaxis +...
GHSA-MHHC-Q96P-MFM9 Infinite loop in TFLite
Impact The strided slice implementation in TFLite has a logic bug which can allow an attacker to trigger an infinite loop. This arises from newly introduced support for ellipsis in axis definition: cc for int i = 0; i params-ellipsismask // ... int ellipsisendidx = std::mini + 1 + numaddaxis +...
PYSEC-2021-797
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the strided slice implementation in TFLite has a logic bug which can allow an attacker to trigger an infinite loop. This arises from newly introduced support for ellipsis in axis definition. An attacker ca...
PYSEC-2021-308
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the strided slice implementation in TFLite has a logic bug which can allow an attacker to trigger an infinite loop. This arises from newly introduced support for ellipsis in axis definition. An attacker ca...
CVE-2021-37686
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the strided slice implementation in TFLite has a logic bug which can allow an attacker to trigger an infinite loop. This arises from newly introduced support for ellipsis in axis definition. An attacker ca...
PYSEC-2021-599
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the strided slice implementation in TFLite has a logic bug which can allow an attacker to trigger an infinite loop. This arises from newly introduced support for ellipsis in axis definition. An attacker ca...
PYSEC-2021-308
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the strided slice implementation in TFLite has a logic bug which can allow an attacker to trigger an infinite loop. This arises from newly introduced support for ellipsis in axis definition. An attacker ca...
PYSEC-2021-797
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the strided slice implementation in TFLite has a logic bug which can allow an attacker to trigger an infinite loop. This arises from newly introduced support for ellipsis in axis definition. An attacker ca...
CVE-2021-37686 Infinite loop in TensorFlow Lite
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the strided slice implementation in TFLite has a logic bug which can allow an attacker to trigger an infinite loop. This arises from newly introduced support for ellipsis in axis definition. An attacker ca...
CVE-2021-37686
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the strided slice implementation in TFLite has a logic bug which can allow an attacker to trigger an infinite loop. This arises from newly introduced support for ellipsis in axis definition. An attacker ca...
PYSEC-2021-758
TensorFlow is an end-to-end open source platform for machine learning. When a user does not supply arguments that determine a valid sparse tensor, tf.rawops.SparseTensorSliceDataset implementation can be made to dereference a null pointer. The implementation has some argument validation but fails...
PYSEC-2021-560
TensorFlow is an end-to-end open source platform for machine learning. When a user does not supply arguments that determine a valid sparse tensor, tf.rawops.SparseTensorSliceDataset implementation can be made to dereference a null pointer. The implementation has some argument validation but fails...
PT-2021-21805 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow version 2.6.0 Description: The strided slice implementation in TFLite has a logic bug which can allow an attacker to trigger an infinite loop. This arises from newly introduced support for ellipsis in axis definition. An attacker c...
CVE-2021-38188
An issue was discovered in the iced-x86 crate through 1.10.3 for Rust. In Decoder::new, slice.getuncheckedslice.length is used unsafely...
CVE-2021-38188
An issue was discovered in the iced-x86 crate through 1.10.3 for Rust. In Decoder::new, slice.getuncheckedslice.length is used unsafely...
CVE-2021-0552
In getEndItemSliceAction of MediaOutputSlice.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Andro...