BIT-TENSORFLOW-2020-15197 Denial of Service in Tensorflow

In Tensorflow before version 2.3.1, the SparseCountSparseOutput implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the indices tensor has rank 2. This tensor must be a matrix because code assumes its elements are access...

SUSE CVE-2021-29521

TensorFlow is an end-to-end open source platform for machine learning. Specifying a negative dense shape in tf.rawops.SparseCountSparseOutput results in a segmentation fault being thrown out from the standard library as std::vector invariants are broken. This is because the...

GHSA-X4QX-4FJV-HMW6 Integer overflow leading to crash in Tensorflow

Impact The implementation of SparseCountSparseOutput can be made to crash a TensorFlow process by an integer overflow whose result is then used in a memory allocation: python import tensorflow as tf import numpy as np tf.rawops.SparseCountSparseOutput indices=1,1, values=2, denseshape=2 31, 2 32,...

PYSEC-2022-119

Tensorflow is an Open Source Machine Learning Framework. The implementation of SparseCountSparseOutput is vulnerable to a heap overflow. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also...

GHSA-M342-FF57-4JCC Heap OOB read in `tf.raw_ops.SparseCountSparseOutput`

Impact The shape inference functions for SparseCountSparseOutput can trigger a read outside of bounds of heap allocated array: python import tensorflow as tf @tf.function def func: return tf.rawops.SparseCountSparseOutput indices=1, values=1, denseshape=10, weights=, binaryoutput= True func The...

GHSA-WVJW-P9F5-VQ28 Segfault in `tf.raw_ops.SparseCountSparseOutput`

Impact Passing invalid arguments e.g., discovered via fuzzing to tf.rawops.SparseCountSparseOutput results in segfault. Patches We have patched the issue in GitHub commit 82e6203221865de4008445b13c69b6826d2b28d9. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on...

GHSA-HR84-FQVP-48MM Segfault in SparseCountSparseOutput

Impact Specifying a negative dense shape in tf.rawops.SparseCountSparseOutput results in a segmentation fault being thrown out from the standard library as std::vector invariants are broken. python import tensorflow as tf indices = tf.constant, shape=0, 0, dtype=tf.int64 values = tf.constant,...

PYSEC-2021-158

TensorFlow is an end-to-end open source platform for machine learning. Specifying a negative dense shape in tf.rawops.SparseCountSparseOutput results in a segmentation fault being thrown out from the standard library as std::vector invariants are broken. This is because the...

PYSEC-2021-547

TensorFlow is an end-to-end open source platform for machine learning. Passing invalid arguments e.g., discovered via fuzzing to tf.rawops.SparseCountSparseOutput results in segfault. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow...

CVE-2021-29521

TensorFlow is an end-to-end open source platform for machine learning. Specifying a negative dense shape in tf.rawops.SparseCountSparseOutput results in a segmentation fault being thrown out from the standard library as std::vector invariants are broken. This is because the...

PYSEC-2020-276

In Tensorflow version 2.3.0, the SparseCountSparseOutput and RaggedCountSparseOutput implementations don't validate that the weights tensor has the same shape as the data. The check exists for DenseCountSparseOutput, where both tensors are fully specified. In the sparse and ragged count weights a...

PYSEC-2020-311

In Tensorflow version 2.3.0, the SparseCountSparseOutput and RaggedCountSparseOutput implementations don't validate that the weights tensor has the same shape as the data. The check exists for DenseCountSparseOutput, where both tensors are fully specified. In the sparse and ragged count weights a...