Lucene search
K

751 matches found

Debian CVE
Debian CVE
added 2022/05/20 8:50 p.m.4 views

CVE-2022-29191

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.GetSessionTensor does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack...

5.5CVSS6.8AI score0.0035EPSS
Exploits1
CNNVD
CNNVD
added 2022/05/20 12:0 a.m.2 views

Google TensorFlow代码问题漏洞

Google TensorFlow, an end-to-end open source platform for machine learning from Google, Inc. is vulnerable to a code issue in versions prior to 2.9.0, 2.8.1, 2.7.2, and 2.6.4, which stems from tf.rawops. SparseTensorDenseAdd has incomplete validation for the input parameters. No detailed...

5.5CVSS5.7AI score0.00338EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2022/05/20 12:0 a.m.4 views

PT-2022-19443 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.9.0 TensorFlow versions prior to 2.8.1 TensorFlow versions prior to 2.7.2 TensorFlow versions prior to 2.6.4 Description: The implementation of tf.raw ops.GetSessionTensor does not fully validate the input...

5.5CVSS5.3AI score0.0035EPSS
Exploits1References14
Positive Technologies
Positive Technologies
added 2022/05/20 12:0 a.m.5 views

PT-2022-19463 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow version 2.8.0 Description: The issue arises from the TensorKey hash function using total estimated AllocatedBytes, which is an estimate per tensor and a poor hash function for constants, such as int32 t. It also attempts to access...

5.5CVSS5.3AI score0.00225EPSS
Exploits0References12
OSV
OSV
added 2022/03/18 5:52 p.m.1 views

GHSA-GV26-JPJ9-C8GQ Incomplete validation in `SparseSparseMinimum`

Impact Incomplete validation in SparseAdd results in allowing attackers to exploit undefined behavior dereferencing null pointers as well as write outside of bounds of heap allocated data: python import tensorflow as tf aindices = tf.ones45, 92, dtype=tf.int64 avalues = tf.ones45, dtype=tf.int64...

5.8CVSS5.8AI score0.00234EPSS
Exploits1References7
Veracode
Veracode
added 2022/02/11 10:6 a.m.24 views

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service. Building invalid/overflowing tensor shapes leads to CHECK-fails, causing an application crash...

6.5CVSS2.8AI score0.00458EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/10 12:32 a.m.34 views

Integer overflow in Tensorflow

Impact The implementation of OpLevelCostEstimator::CalculateTensorSize is vulnerable to an integer overflow if an attacker can create an operation which would involve a tensor with large enough number of elements: cc int64t OpLevelCostEstimator::CalculateTensorSize const OpInfo::TensorProperties&...

6.5CVSS2.3AI score0.00783EPSS
Exploits1References7Affected Software3
vulnersOsv
vulnersOsv
added 2022/02/09 11:46 p.m.9 views

arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +171 more potentially affected by CVE-2022-21739 via tensorflow-gpu (>=1.10.1 <=2.5.1)

tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.0.9, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 - cctv-analysis =0.0.2 and more Source cves: CVE-2022-21739 Source advisory: OSV:GHSA-3MW4-6RJ6-74G5...

6.5CVSS6.5AI score0.00783EPSS
Exploits1
OSV
OSV
added 2022/02/09 11:43 p.m.1 views

GHSA-PFJJ-M3JJ-9JC9 Undefined behavior in `SparseTensorSliceDataset`

Impact The implementation of SparseTensorSliceDataset has an undefined behavior: under certain condition it can be made to dereference a nullptr value: python import tensorflow as tf import numpy as np tf.rawops.SparseTensorSliceDataset indices=, values=, denseshape=1,1 The 3 input arguments...

7.6CVSS5.8AI score0.00746EPSS
Exploits1References7
OSV
OSV
added 2022/02/09 11:39 p.m.4 views

GHSA-RRX2-R989-2C43 Integer overflows in Tensorflow

Impact The implementations of SparseCwise ops are vulnerable to integer overflows. These can be used to trigger large allocations so, OOM based denial of service or CHECK-fails when building new TensorShape objects so, assert failures based denial of service: python import tensorflow as tf import...

7.1CVSS5.8AI score0.01097EPSS
Exploits1References9
vulnersOsv
vulnersOsv
added 2022/02/09 11:39 p.m.5 views

lsmmdma (>=0.0.4 <=0.1.7), tpu-tf2 (=1.0.0) potentially affected by CVE-2022-23568 via tensorflow-cpu (=2.7.0)

tensorflow-cpu PYPI version =2.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-cpu and may be impacted: - lsmmdma =0.0.4, =0.1.7 - tpu-tf2 =1.0.0 Source cves: CVE-2022-23568 Source advisory: OSV:GHSA-6445-FM66-FVQ2...

6.5CVSS6.5AI score0.008EPSS
Exploits1
OSV
OSV
added 2022/02/09 11:39 p.m.3 views

GHSA-6445-FM66-FVQ2 Integer overflows in Tensorflow

Impact The implementation of AddManySparseToTensorsMap is vulnerable to an integer overflow which results in a CHECK-fail when building new TensorShape objects so, an assert failure based denial of service: python import tensorflow as tf import numpy as np tf.rawops.AddManySparseToTensorsMap...

7.1CVSS6AI score0.008EPSS
Exploits1References8
OSV
OSV
added 2022/02/09 11:34 p.m.9 views

GHSA-WCV5-VRVR-3RX2 Integer Overflow or Wraparound in TensorFlow

Impact The Grappler component of TensorFlow is vulnerable to a denial of service via CHECK-failure assertion failure in constant folding: cc for const auto& outputprop : outputprops const PartialTensorShape outputshapeoutputprop.shape; // ... The outputprop tensor has a shape that is controlled b...

5.5CVSS6.1AI score
Exploits0References4
OSV
OSV
added 2022/02/09 11:33 p.m.3 views

GHSA-9P77-MMRW-69C7 Null-dereference in Tensorflow

Impact When decoding a tensor from protobuf, TensorFlow might do a null-dereference if attributes of some mutable arguments to some operations are missing from the proto. This is guarded by a DCHECK: cc const auto attr = attrs.Findarg-s; DCHECKattr != nullptr; if attr-valuecase == AttrValue::kLis...

7.1CVSS6.8AI score0.00992EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2022/02/09 11:28 p.m.30 views

`CHECK`-fails due to attempting to build a reference tensor

Impact A malicious user can cause a denial of service by altering a SavedModel such that Grappler optimizer would attempt to build a tensor using a reference dtype. This would result in a crash due to a CHECK-fail in the Tensor constructor as reference types are not allowed. Patches We have patch...

6.5CVSS1.8AI score0.00864EPSS
Exploits1References8Affected Software3
OSV
OSV
added 2022/02/09 11:28 p.m.6 views

GHSA-FX5C-H9F6-RV7C `CHECK`-fails due to attempting to build a reference tensor

Impact A malicious user can cause a denial of service by altering a SavedModel such that Grappler optimizer would attempt to build a tensor using a reference dtype. This would result in a crash due to a CHECK-fail in the Tensor constructor as reference types are not allowed. Patches We have patch...

6.5CVSS5.9AI score0.00864EPSS
Exploits1References8
Veracode
Veracode
added 2022/02/08 7:30 a.m.23 views

Denial Of Service (DoS)

Tensorflow is vulnerable to denial of service. The vulnerability exists due to an undefined behavior during the implementation of AssignOp which can result in uninitialized data being copied to a new tensor...

8.8CVSS3.2AI score0.00755EPSS
Exploits1References3Affected Software3
Veracode
Veracode
added 2022/02/08 6:18 a.m.30 views

Denial Of Service (DoS)

Tensorflow is vulnerable to denial of service. An attacker may exploit the vulnerability by altering a SavedModel such that Grappler optimizer would attempt to build a tensor using a reference dtype...

6.5CVSS3.9AI score0.00992EPSS
Exploits1References3Affected Software3
PyPA
PyPA
added 2022/02/04 11:15 p.m.6 views

PYSEC-2022-128

Tensorflow is an Open Source Machine Learning Framework. When decoding a resource handle tensor from protobuf, a TensorFlow process can encounter cases where a CHECK assertion is invalidated based on user controlled arguments. This allows attackers to cause denial of services in TensorFlow...

6.5CVSS6.8AI score0.00469EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/02/04 11:15 p.m.6 views

PYSEC-2022-135

Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, a TensorFlow process can encounter cases where a CHECK assertion is invalidated based on user controlled arguments, if the tensors have an invalid dtype and 0 elements or an invalid shape. This allows...

6.5CVSS6.6AI score0.00469EPSS
Exploits0References2
Rows per page
Query Builder