82 matches found
EUVD-2020-0192
Malware in sbrugna...
EUVD-2021-0262
Malware in sbrugna...
EUVD-2020-0194
Malware in sbrugna...
EUVD-2021-0360
Malware in sbrugna...
EUVD-2022-0303
Malicious code in bioql PyPI...
CVE-2022-21738
Tensorflow is an Open Source Machine Learning Framework. The implementation of SparseCountSparseOutput can be made to crash a TensorFlow process by an integer overflow whose result is then used in a memory allocation. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this comm...
CVE-2022-21740
Tensorflow is an Open Source Machine Learning Framework. The implementation of SparseCountSparseOutput is vulnerable to a heap overflow. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also...
BIT-TENSORFLOW-2020-15196 Heap buffer overflow in Tensorflow
In Tensorflow version 2.3.0, the SparseCountSparseOutput and RaggedCountSparseOutput implementations don't validate that the weights tensor has the same shape as the data. The check exists for DenseCountSparseOutput, where both tensors are fully specified. In the sparse and ragged count weights a...
BIT-TENSORFLOW-2020-15198 Heap buffer overflow in Tensorflow
In Tensorflow before version 2.3.1, the SparseCountSparseOutput implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the indices tensor has the same shape as the values one. The values in these tensors are always accessed...
BIT-TENSORFLOW-2021-29521 Segfault in SparseCountSparseOutput
TensorFlow is an end-to-end open source platform for machine learning. Specifying a negative dense shape in tf.rawops.SparseCountSparseOutput results in a segmentation fault being thrown out from the standard library as std::vector invariants are broken. This is because the...
BIT-TENSORFLOW-2021-41210 Heap OOB read in `tf.raw_ops.SparseCountSparseOutput`
TensorFlow is an open source platform for machine learning. In affected versions the shape inference functions for SparseCountSparseOutput can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow...
BIT-TENSORFLOW-2022-21738 Integer overflow leading to crash in Tensorflow
Tensorflow is an Open Source Machine Learning Framework. The implementation of SparseCountSparseOutput can be made to crash a TensorFlow process by an integer overflow whose result is then used in a memory allocation. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this comm...
BIT-2020-15196
In Tensorflow version 2.3.0, the SparseCountSparseOutput and RaggedCountSparseOutput implementations don't validate that the weights tensor has the same shape as the data. The check exists for DenseCountSparseOutput, where both tensors are fully specified. In the sparse and ragged count weights a...
SUSE CVE-2021-29619
TensorFlow is an end-to-end open source platform for machine learning. Passing invalid arguments e.g., discovered via fuzzing to tf.rawops.SparseCountSparseOutput results in segfault. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow...
SUSE CVE-2022-21738
Tensorflow is an Open Source Machine Learning Framework. The implementation of SparseCountSparseOutput can be made to crash a TensorFlow process by an integer overflow whose result is then used in a memory allocation. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this comm...
SUSE CVE-2022-21740
Tensorflow is an Open Source Machine Learning Framework. The implementation of SparseCountSparseOutput is vulnerable to a heap overflow. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also...
Heap overflow in Tensorflow
Impact The implementation of SparseCountSparseOutput is vulnerable to a heap overflow: python import tensorflow as tf import numpy as np tf.rawops.SparseCountSparseOutput indices=-1,-1, values=2, denseshape=1, 1, weights=1, binaryoutput=True, minlength=-1, maxlength=-1, name=None Patches We have...
Denial Of Service (DoS)
tensorflow is vulnerable to denial of service. A faulty bin count operation performed in SparseCountSparseOutput causes an assertion failure, allowing an attacker to pass malicious argument to trigger a CHECK-fail...
CVE-2022-21740
Tensorflow is an Open Source Machine Learning Framework. The implementation of SparseCountSparseOutput is vulnerable to a heap overflow. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also...
PYSEC-2022-64
Tensorflow is an Open Source Machine Learning Framework. The implementation of SparseCountSparseOutput is vulnerable to a heap overflow. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also...