Lucene search
K

77 matches found

OSV
OSV
added 2026/07/07 10:17 a.m.4 views

PYSEC-2026-947 TensorFlow vulnerable to segfault in `SparseBincount`

Impact If SparseBincount is given inputs for indices, values, and denseshape that do not make a valid sparse tensor, it results in a segfault that can be used to trigger a denial of service attack. python import tensorflow as tf binaryoutput = True indices = tf.random.uniformshape=, minval=-10000...

5.9CVSS6.9AI score0.00423EPSS
Exploits0References7
OSV
OSV
added 2026/07/06 8:3 a.m.4 views

PYSEC-2026-1018 Missing validation causes denial of service via `SparseTensorToCSRSparseMatrix`

Impact The implementation of tf.rawops.SparseTensorToCSRSparseMatrix does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack: python import tensorflow as tf indices = tf.constant53, shape=3, dtype=tf.int64 values =...

5.5CVSS6.2AI score0.00317EPSS
Exploits1References11
OSV
OSV
added 2026/07/06 8:3 a.m.4 views

PYSEC-2026-1032 Missing validation results in undefined behavior in `SparseTensorDenseAdd

Impact The implementation of tf.rawops.SparseTensorDenseAdd does not fully validate the input arguments: python import tensorflow as tf aindices = tf.constant0, shape=17, 2, dtype=tf.int64 avalues = tf.constant, shape=0, dtype=tf.float32 ashape = tf.constant6, 12, shape=2, dtype=tf.int64 b =...

5.5CVSS6.1AI score0.00338EPSS
Exploits1References11
Cvelist
Cvelist
added 2026/06/20 6:27 p.m.20 views

CVE-2026-56340 vLLM - Denial of Service via Unvalidated Multimodal Embeddings

vLLM versions = 0.10.2 and 0.13.0 are missing sparse tensor validation in multimodal embeddings processing. Because PyTorch disables sparse tensor invariant checks by default, an attacker can submit crafted embedding requests with malformed negative or out-of-bounds tensor indices, when the...

8.8CVSS0.00352EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/20 6:27 p.m.6 views

CVE-2026-56340 vLLM - Denial of Service via Unvalidated Multimodal Embeddings

vLLM versions = 0.10.2 and 0.13.0 are missing sparse tensor validation in multimodal embeddings processing. Because PyTorch disables sparse tensor invariant checks by default, an attacker can submit crafted embedding requests with malformed negative or out-of-bounds tensor indices, when the...

8.8CVSS5.9AI score0.00352EPSS
Exploits0References2
OSV
OSV
added 2026/06/20 6:27 p.m.3 views

CVE-2026-56340 vLLM - Denial of Service via Unvalidated Multimodal Embeddings

vLLM versions = 0.10.2 and 0.13.0 are missing sparse tensor validation in multimodal embeddings processing. Because PyTorch disables sparse tensor invariant checks by default, an attacker can submit crafted embedding requests with malformed negative or out-of-bounds tensor indices, when the...

8.7CVSS6AI score0.00352EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/20 6:27 p.m.10 views

CVE-2026-56340

vLLM versions = 0.10.2 and 0.13.0 are missing sparse tensor validation in multimodal embeddings processing. Because PyTorch disables sparse tensor invariant checks by default, an attacker can submit crafted embedding requests with malformed negative or out-of-bounds tensor indices, when the...

8.8CVSS5.9AI score0.00352EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/20 6:27 p.m.50 views

CVE-2026-56340

vLLM versions >= 0.10.2 and

8.8CVSS5.9AI score0.00352EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.21 views

PT-2026-51172

Name of the Vulnerable Software and Affected Versions vLLM versions 0.10.2 through 0.12.x Description Multimodal embeddings processing lacks sparse tensor validation. Since PyTorch disables sparse tensor invariant checks by default, an attacker can submit crafted embedding requests containing...

8.8CVSS5.9AI score0.00352EPSS
Exploits0References6
OSV
OSV
added 2026/01/08 9:47 p.m.6 views

GHSA-MCMC-2M55-J8JJ vLLM introduced enhanced protection for CVE-2025-62164

Summary The fix here for CVE-2025-62164 is not sufficient. The fix only disables prompt embeds by default rather than addressing the root cause, so the DoS vulnerability remains when the feature is enabled. Details vLLM's pending change attempts to fix the root cause, which is the missing sparse...

8.8CVSS6.7AI score0.00352EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/01/08 9:47 p.m.178 views

vLLM introduced enhanced protection for CVE-2025-62164

Summary The fix here for CVE-2025-62164 is not sufficient. The fix only disables prompt embeds by default rather than addressing the root cause, so the DoS vulnerability remains when the feature is enabled. Details vLLM's pending change attempts to fix the root cause, which is the missing sparse...

8.8CVSS6.8AI score0.00849EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/20 8:59 p.m.11 views

vLLM deserialization vulnerability leading to DoS and potential RCE

Summary A memory corruption vulnerability that leading to a crash denial-of-service and potentially remote code execution RCE exists in vLLM versions 0.10.2 and later, in the Completions API endpoint. When processing user-supplied prompt embeddings, the endpoint loads serialized tensors using...

8.8CVSS8.3AI score0.00849EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/11/20 8:59 p.m.3 views

GHSA-MRW7-HF4F-83PF vLLM deserialization vulnerability leading to DoS and potential RCE

Summary A memory corruption vulnerability that leading to a crash denial-of-service and potentially remote code execution RCE exists in vLLM versions 0.10.2 and later, in the Completions API endpoint. When processing user-supplied prompt embeddings, the endpoint loads serialized tensors using...

8.8CVSS6.5AI score0.00849EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.22 views

EUVD-2021-0373

Malware in sbrugna...

7.7CVSS5.2AI score0.0016EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-0193

Malware in sbrugna...

6.3CVSS6.3AI score0.0072EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2023-29941

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - llvm-project commit a0138390 was discovered to contain a segmentation fault via the component matchAndRewriteSortOpmlir::sparsetensor::SortOp. CVE-2023-29941 No...

5.5CVSS5.6AI score0.00215EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 10:13 p.m.7 views

CVE-2022-29206

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.SparseTensorDenseAdd does not fully validate the input arguments. In this case, a reference gets bound to a nullptr during kernel execution. This is...

5.5CVSS6.6AI score0.00338EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:24 p.m.5 views

CVE-2021-29545

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in converting sparse tensors to CSR Sparse matrices. This is because the...

5.5CVSS6.7AI score0.00189EPSS
Exploits1References1
Microsoft CVE
Microsoft CVE
added 2024/06/30 2:0 p.m.3 views

llvm-project commit a0138390 was discovered to contain a segmentation fault via the component matchAndRewriteSortOp<mlir::sparse_tensor::SortOp>(mlir::sparse_tensor::SortOp.

...

5.5CVSS5.5AI score0.00215EPSS
Exploits0
OSV
OSV
added 2024/03/06 11:17 a.m.16 views

BIT-TENSORFLOW-2021-37647 Null pointer dereference in `SparseTensorSliceDataset` in TensorFlow

TensorFlow is an end-to-end open source platform for machine learning. When a user does not supply arguments that determine a valid sparse tensor, tf.rawops.SparseTensorSliceDataset implementation can be made to dereference a null pointer. The implementation has some argument validation but fails...

7.7CVSS6.4AI score0.0016EPSS
Exploits0References3
Rows per page
Query Builder