Lucene search
K

50 matches found

PyPA
PyPA
added 2022/02/04 11:15 p.m.5 views

PYSEC-2022-146

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that TensorByteSize would trigger CHECK failures. TensorShape constructor throws a CHECK-fail if shape is partial or has a number of elements that would overflow t...

6.5CVSS6.9AI score0.00783EPSS
Exploits1References3Affected Software1
Debian CVE
Debian CVE
added 2022/02/04 10:32 p.m.3 views

CVE-2022-23582

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that TensorByteSize would trigger CHECK failures. TensorShape constructor throws a CHECK-fail if shape is partial or has a number of elements that would overflow t...

6.5CVSS6.9AI score0.00783EPSS
Exploits1
PyPA
PyPA
added 2022/02/03 12:15 p.m.7 views

PYSEC-2022-76

Tensorflow is an Open Source Machine Learning Framework. The implementations of SparseCwise ops are vulnerable to integer overflows. These can be used to trigger large allocations so, OOM based denial of service or CHECK-fails when building new TensorShape objects so, assert failures based denial...

6.5CVSS6.9AI score0.01097EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2022/02/03 12:15 p.m.10 views

PYSEC-2022-131

Tensorflow is an Open Source Machine Learning Framework. The implementations of SparseCwise ops are vulnerable to integer overflows. These can be used to trigger large allocations so, OOM based denial of service or CHECK-fails when building new TensorShape objects so, assert failures based denial...

6.5CVSS6.6AI score0.01097EPSS
Exploits1References5
OSV
OSV
added 2022/02/03 12:15 p.m.6 views

PYSEC-2022-132

Tensorflow is an Open Source Machine Learning Framework. The implementation of AddManySparseToTensorsMap is vulnerable to an integer overflow which results in a CHECK-fail when building new TensorShape objects so, an assert failure based denial of service. We are missing some validation on the...

6.5CVSS5.9AI score0.008EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2022/02/03 11:52 a.m.3 views

CVE-2022-23567

Tensorflow is an Open Source Machine Learning Framework. The implementations of SparseCwise ops are vulnerable to integer overflows. These can be used to trigger large allocations so, OOM based denial of service or CHECK-fails when building new TensorShape objects so, assert failures based denial...

6.5CVSS6.9AI score0.01097EPSS
Exploits1
Debian CVE
Debian CVE
added 2022/02/03 11:42 a.m.2 views

CVE-2022-23568

Tensorflow is an Open Source Machine Learning Framework. The implementation of AddManySparseToTensorsMap is vulnerable to an integer overflow which results in a CHECK-fail when building new TensorShape objects so, an assert failure based denial of service. We are missing some validation on the...

6.5CVSS7.2AI score0.008EPSS
Exploits1
OSV
OSV
added 2021/11/10 7:35 p.m.5 views

GHSA-PRCG-WP5Q-RV7P Crashes due to overflow and `CHECK`-fail in ops with large tensor shapes

Impact TensorFlow allows tensor to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an int64t. If an overflow occurs, MultiplyWithoutOverflow would return a negative result. In the majority of...

6.8CVSS5.8AI score0.00307EPSS
Exploits1References11
PyPA
PyPA
added 2021/11/05 10:15 p.m.5 views

PYSEC-2021-843

TensorFlow is an open source platform for machine learning. In affected versions several TensorFlow operations are missing validation for the shapes of the tensor arguments involved in the call. Depending on the API, this can result in undefined behavior and segfault or CHECK-fail related crashes...

7.8CVSS7.1AI score0.00174EPSS
Exploits0References7Affected Software1
CNNVD
CNNVD
added 2021/11/05 12:0 a.m.6 views

Google TensorFlow 安全漏洞

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google, Inc. in the United States. A security vulnerability exists in Google TensorFlow versions prior to 2.7.0, which stems from a lack of validation of the shape of the tensor parameter involved in a call...

7.8CVSS7.3AI score0.00174EPSS
Exploits0References9
OSV
OSV
added 2021/08/12 9:15 p.m.18 views

CVE-2021-37641

TensorFlow is an end-to-end open source platform for machine learning. In affected versions if the arguments to tf.rawops.RaggedGather don't determine a valid ragged tensor code can trigger a read from outside of bounds of heap allocated buffers. The implementation directly reads the first...

7.1CVSS7.1AI score
Exploits0References2
OSV
OSV
added 2021/05/21 2:26 p.m.3 views

GHSA-XVJM-FVXX-Q3HV CHECK-fail due to integer overflow

Impact An attacker can trigger a denial of service via a CHECK-fail in caused by an integer overflow in constructing a new tensor shape: python import tensorflow as tf inputlayer = 260-1 sparsedata = tf.rawops.SparseSplit splitdim=1, indices=0, 0, 0, 1, 0, 2, 4, 3, 5, 0, 5, 1, values=1.0, 1.0, 1....

2.5CVSS6AI score0.00189EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2021/05/21 2:26 p.m.37 views

Heap buffer overflow in `AvgPool3DGrad`

Impact The implementation of tf.rawops.AvgPool3DGrad is vulnerable to a heap buffer overflow: python import tensorflow as tf originputshape = tf.constant10, 6, 3, 7, 7, shape=5, dtype=tf.int32 grad = tf.constant0.01, 0, 0, shape=3, 1, 1, 1, 1, dtype=tf.float32 ksize = 1, 1, 1, 1, 1 strides = 1, 1...

7.8CVSS2.5AI score0.00211EPSS
Exploits1References7Affected Software3
OSV
OSV
added 2021/05/14 8:15 p.m.17 views

CVE-2021-29521

TensorFlow is an end-to-end open source platform for machine learning. Specifying a negative dense shape in tf.rawops.SparseCountSparseOutput results in a segmentation fault being thrown out from the standard library as std::vector invariants are broken. This is because the...

5.5CVSS5.3AI score
Exploits0References2
Prion
Prion
added 2021/05/14 8:15 p.m.14 views

Heap overflow

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.FractionalAvgPoolGrad is vulnerable to a heap buffer overflow. The...

4.6CVSS7.7AI score0.00211EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.7 views

PYSEC-2021-710

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in caused by an integer overflow in constructing a new tensor shape. This is because the...

5.5CVSS7.2AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.5 views

PYSEC-2021-512

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in caused by an integer overflow in constructing a new tensor shape. This is because the...

5.5CVSS7.2AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.5 views

PYSEC-2021-221

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in caused by an integer overflow in constructing a new tensor shape. This is because the...

5.5CVSS7.2AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.5 views

PYSEC-2021-171

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in tf.rawops.SparseConcat. This is because the...

5.5CVSS6.8AI score0.00189EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2021/05/14 8:15 p.m.22 views

Design/Logic Flaw

TensorFlow is an end-to-end open source platform for machine learning. Specifying a negative dense shape in tf.rawops.SparseCountSparseOutput results in a segmentation fault being thrown out from the standard library as std::vector invariants are broken. This is because the...

2.1CVSS5.3AI score0.00189EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder