Divide By Zero

tensorflow is vulnerable to Divide By Zero. The vulnerability is caused due to a defect in the implementation of BatchToSpaceNd where TFLite operator is vulnerable to a division by zero error. An attacker can craft a model such that one dimension of the block input is 0 resulting in the...

Division By Zero Error

TensorFlow is vulnerable to a division by zero error. The vulnerability is due to insufficient handling of cases where the input's fourth dimension is zero in the DepthwiseConv TFLite operator, which can allows to execution issues or crashes in machine learning models...

Out-of-bounds Write

tensorflow, tensorflowcpu and tensorflowgpu are vulnerable to Out-of-bounds Write. The vulnerability is caused due to a missing validation. A specially crafted TFLite model could trigger an OOB write on heap in the TFLite implementation of ArgMin/ArgMax'...

Denial Of Service (DOS)

TensorFlow is vulnerable to Denial of Service DoS. The vulnerability is due to improper handling of the block input in the SpaceToBatchNd TFLite operator, which allows an attacker to set a dimension of the block input to 0, causing a division by zero error, which can crash the system or make it...

Integer Overflow

TensorFlow is vulnerable to an Integer Overflow. The vulnerability is due to an integer overflow in the TFLite code for allocating TFLiteIntArrays, allowing attackers to craft models that cause memory corruption by dereferencing invalid pointers...

Denial Of Service (DOS)

TensorFlow is vulnerable to a denial of service. The vulnerability is due to the improper handling of the dimensionality of the output tensor in TensorFlow Lite's segment sum implementation,where the code uses the last element of the tensor holding segment IDs to determine the output tensor's siz...

Out-Of-Bounds Writes

TensorFlow is vulnerable to out-of-bounds writes. The vulnerability is due to the improper handling of negative elements in the segment ids tensor, allowing negative values that result in out-of-bounds memory writes during the segment sum operation...

Divide By Zero

tensorflow is vulnerable to Divide By Zero. The vulnerability is caused due to the Prepare step of the SpaceToDepth TFLite operator does not check for 0 before division. An attacker can craft a model such that params-blocksize would be zero and potentially leads to DoS...

Divide By Zero

tensorflow is vulnerable to Divide By Zero. The vulnerability is caused due to a defect in the optimized implementation of the TransposeConv TFLite operator where there is a missing validation for strideh,w variable. An attacker can craft a model such that strideh,w values are 0 resulting in Divi...

Out-of-bounds Write

tensorflow, tensorflow-cpu and tensorflowgpu is vulnerable to Out-of-bounds Write. The vulnerability is due to improper handling of tensors when a model uses the same tensor for both an input and output of an operator, which can result in data loss and memory corruption...

AZL-48141 CVE-2024-8088 affecting package tensorflow for versions less than 2.16.1-7

There is a HIGH severity vulnerability affecting the CPython "zipfile" module affecting "zipfile.Path". Note that the more common API "zipfile.ZipFile" class is unaffected. When iterating over names of entries in a zip archive for example, methods of "zipfile.Path" like "namelist", "iterdir", etc...

CVE-2023-33976 affecting package tensorflow for versions less than 2.11.1-2

CVE-2023-33976 affecting package tensorflow for versions less than 2.11.1-2. A patched version of the package is available...

AZL-48036 CVE-2024-7592 affecting package tensorflow for versions less than 2.16.1-6

There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resourc...

SUSE CVE-2023-33976

TensorFlow is an end-to-end open source platform for machine learning. arrayops.upperbound causes a segfault when not given a rank 2 tensor. The fix will be included in TensorFlow 2.13 and will also cherrypick this commit on TensorFlow 2.12...

AZL-47385 CVE-2024-6923 affecting package tensorflow for versions less than 2.16.1-9

There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized...

BIT-TENSORFLOW-2023-33976 TensorFlow segfault in array_ops.upper_bound

TensorFlow is an end-to-end open source platform for machine learning. arrayops.upperbound causes a segfault when not given a rank 2 tensor. The fix will be included in TensorFlow 2.13 and will also cherrypick this commit on TensorFlow 2.12...

Segmentation Fault

tensorflow is vulnerable to Segmentation Fault. The vulnerability is caused due to a defect in a function arrayops.upperbound when not given a rank 2 tensor. It leads to Denial Of Service DOS...

GHSA-GJH7-XX4R-X345 TensorFlow has segfault in array_ops.upper_bound

Impact arrayops.upperbound causes a segfault when not given a rank 2 tensor. Patches We have patched the issue in GitHub commit 915884fdf5df34aaedd00fc6ace33a2cfdefa586. The fix will be included in TensorFlow 2.13. We will also cherrypick this commit in TensorFlow 2.12.1. For more information...

TensorFlow has segfault in array_ops.upper_bound

Impact arrayops.upperbound causes a segfault when not given a rank 2 tensor. Patches We have patched the issue in GitHub commit 915884fdf5df34aaedd00fc6ace33a2cfdefa586. The fix will be included in TensorFlow 2.13. We will also cherrypick this commit in TensorFlow 2.12.1. For more information...

cifar-10-model (=7.4.0), clip-jax (>=0.0.1 <=0.0.4) +9 more potentially affected by CVE-2023-33976 via tensorflow-cpu (>=1.15.0 <=2.11.1)

tensorflow-cpu PYPI version =1.15.0, =0.0.1, =0.2.3, =0.0.5, =1.0.0, =1.8.2, =0.1.3, =0.3.0.dev221212, =0.7.0, =0.7.5 Source cves: CVE-2023-33976 Source advisory: OSV:GHSA-GJH7-XX4R-X345...