14320 matches found
BIT-TENSORFLOW-2021-29576 Heap buffer overflow in `MaxPool3DGradGrad`
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.MaxPool3DGradGrad is vulnerable to a heap buffer overflow. The...
BIT-TENSORFLOW-2021-29577 Heap buffer overflow in `AvgPool3DGrad`
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.AvgPool3DGrad is vulnerable to a heap buffer overflow. The...
BIT-TENSORFLOW-2021-29578 Heap buffer overflow in `FractionalAvgPoolGrad`
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.FractionalAvgPoolGrad is vulnerable to a heap buffer overflow. The...
BIT-TENSORFLOW-2021-29579 Heap buffer overflow in `MaxPoolGrad`
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.MaxPoolGrad is vulnerable to a heap buffer overflow. The...
BIT-TENSORFLOW-2021-29580 Undefined behavior and `CHECK`-fail in `FractionalMaxPoolGrad`
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.FractionalMaxPoolGrad triggers an undefined behavior if one of the input tensors is empty. The code is also vulnerable to a denial of service attack as a CHECK condition becomes false and aborts...
BIT-TENSORFLOW-2021-29581 Segfault in `CTCBeamSearchDecoder`
TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in tf.rawops.CTCBeamSearchDecoder, an attacker can trigger denial of service via segmentation faults. The...
BIT-TENSORFLOW-2021-29582 Heap OOB read in `tf.raw_ops.Dequantize`
TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in tf.rawops.Dequantize, an attacker can trigger a read from outside of bounds of heap allocated data. The...
BIT-TENSORFLOW-2021-29583 Heap buffer overflow and undefined behavior in `FusedBatchNorm`
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.FusedBatchNorm is vulnerable to a heap buffer overflow. If the tensors are empty, the same implementation can trigger undefined behavior by dereferencing null pointers. The...
BIT-TENSORFLOW-2021-29584 CHECK-fail due to integer overflow
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in caused by an integer overflow in constructing a new tensor shape. This is because the...
BIT-TENSORFLOW-2021-29585 Division by zero in padding computation in TFLite
TensorFlow is an end-to-end open source platform for machine learning. The TFLite computation for size of output after padding, ComputeOutSizehttps://github.com/tensorflow/tensorflow/blob/0c9692ae7b1671c983569e5d3de5565843d500cf/tensorflow/lite/kernels/padding.hL43-L55, does not check that the...
BIT-TENSORFLOW-2021-29586 Division by zero in optimized pooling implementations in TFLite
TensorFlow is an end-to-end open source platform for machine learning. Optimized pooling implementations in TFLite fail to check that the stride arguments are not 0 before calling...
BIT-TENSORFLOW-2021-29587 Division by zero in TFLite's implementation of `SpaceToDepth`
TensorFlow is an end-to-end open source platform for machine learning. The Prepare step of the SpaceToDepth TFLite operator does not check for 0 before divisionhttps://github.com/tensorflow/tensorflow/blob/5f7975d09eac0f10ed8a17dbb6f5964977725adc/tensorflow/lite/kernels/spacetodepth.ccL63-L67. An...
BIT-TENSORFLOW-2021-29588 Division by zero in TFLite's implementation of `TransposeConv`
TensorFlow is an end-to-end open source platform for machine learning. The optimized implementation of the TransposeConv TFLite operator is vulnerable to a division by zero error. An attacker can craft a model such that strideh,w values are 0. Code calling this function must validate these...
BIT-TENSORFLOW-2021-29589 Division by zero in TFLite's implementation of `GatherNd`
TensorFlow is an end-to-end open source platform for machine learning. The reference implementation of the GatherNd TFLite operator is vulnerable to a division by zero...
BIT-TENSORFLOW-2021-29590 Heap OOB read in TFLite's implementation of `Minimum` or `Maximum`
TensorFlow is an end-to-end open source platform for machine learning. The implementations of the Minimum and Maximum TFLite operators can be used to read data outside of bounds of heap allocated objects, if any of the two input tensor arguments are empty. This is because the broadcasting...
BIT-TENSORFLOW-2021-29591 Stack overflow due to looping TFLite subgraph
TensorFlow is an end-to-end open source platform for machine learning. TFlite graphs must not have loops between nodes. However, this condition was not checked and an attacker could craft models that would result in infinite loop during evaluation. In certain cases, the infinite loop would be...
BIT-TENSORFLOW-2021-29592 Null pointer dereference in TFLite's `Reshape` operator
TensorFlow is an end-to-end open source platform for machine learning. The fix for CVE-2020-15209https://vulners.com/cve/CVE-2020-15209 missed the case when the target shape of Reshape operator is given by the elements of a 1-D tensor. As such, the fix for the...
BIT-TENSORFLOW-2021-29593 Division by zero in TFLite's implementation of `BatchToSpaceNd`
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the BatchToSpaceNd TFLite operator is vulnerable to a division by zero...
BIT-TENSORFLOW-2021-29594 Division by zero in TFLite's convolution code
TensorFlow is an end-to-end open source platform for machine learning. TFLite's convolution codehttps://github.com/tensorflow/tensorflow/blob/09c73bca7d648e961dd05898292d91a8322a9d45/tensorflow/lite/kernels/conv.cc has multiple division where the divisor is controlled by the user and not checked ...
BIT-TENSORFLOW-2021-29595 Division by zero in TFLite's implementation of `DepthToSpace`
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the DepthToSpace TFLite operator is vulnerable to a division by zero...