SUSE CVE-2023-27579

TensorFlow is an end-to-end open source platform for machine learning. Constructing a tflite model with a paramater filterinputchannel of less than 1 gives a FPE. This issue has been patched in version 2.12. TensorFlow will also cherrypick the fix commit on TensorFlow 2.11.1...

a2grunnerp (>=0.1.0 <=0.1.8), abba-python (>=0.1.6 <=0.3.0) +607 more potentially affected by CVE-2023-25661 via tensorflow (>=1.0.1 <=2.11.0rc2)

tensorflow PYPI version =1.0.1, =0.1.0, =0.1.6, =1.1.2, =0.0.1, =0.3.26, =1.1.0, =0.0.1, =0.2.0, =0.3.1, =0.5.1 and more Source cves: CVE-2023-25661 Source advisory: OSV:GHSA-FXGC-95XX-GRVQ...

TensorFlow Denial of Service vulnerability

Impact A malicious invalid input crashes a tensorflow model Check Failed and can be used to trigger a denial of service attack. To minimize the bug, we built a simple single-layer TensorFlow model containing a Convolution3DTranspose layer, which works well with expected inputs and can be deployed...

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS due to a malicious invalid input with zero dimension, which crashes a TensorFlow model Check Failed. Note: An attacker must have privilege to provide input to a Convolution3DTranspose call. PoC import tensorflow as...

cifar-10-model (=7.4.0), gamornet-cpu (>=0.2.3 <=0.4.3) +8 more potentially affected by CVE-2023-25661 via tensorflow-cpu (>=1.15.0 <=2.11.0)

tensorflow-cpu PYPI version =1.15.0, =0.2.3, =0.0.5, =1.0.0, =1.8.2, =0.1.3, =0.3.0.dev221212, =0.7.0, =0.7.5 Source cves: CVE-2023-25661 Source advisory: OSV:GHSA-FXGC-95XX-GRVQ...

GHSA-FXGC-95XX-GRVQ TensorFlow Denial of Service vulnerability

Impact A malicious invalid input crashes a tensorflow model Check Failed and can be used to trigger a denial of service attack. To minimize the bug, we built a simple single-layer TensorFlow model containing a Convolution3DTranspose layer, which works well with expected inputs and can be deployed...

AZL-31197 CVE-2023-25661 affecting package tensorflow for versions less than 2.11.1-1

TensorFlow is an Open Source Machine Learning Framework. In versions prior to 2.11.1 a malicious invalid input crashes a tensorflow model Check Failed and can be used to trigger a denial of service attack. A proof of concept can be constructed with the Convolution3DTranspose function. This...

CVE-2023-25661

TensorFlow is an Open Source Machine Learning Framework. In versions prior to 2.11.1 a malicious invalid input crashes a tensorflow model Check Failed and can be used to trigger a denial of service attack. A proof of concept can be constructed with the Convolution3DTranspose function. This...

Stack overflow

TensorFlow is an Open Source Machine Learning Framework. In versions prior to 2.11.1 a malicious invalid input crashes a tensorflow model Check Failed and can be used to trigger a denial of service attack. A proof of concept can be constructed with the Convolution3DTranspose function. This...

CVE-2023-25661

CVE-2023-25661: TensorFlow denial-of-service due to improper input validation in Convolution3DTranspose. A crafted input can crash the model in versions before 2.11.1 (PoC demonstrated via Convolution3DTranspose). The issue has been patched; upgrade to TensorFlow 2.11.1 or later. IBM advisories (...

CVE-2023-25661 Denial of Service in TensorFlow

TensorFlow is an Open Source Machine Learning Framework. In versions prior to 2.11.1 a malicious invalid input crashes a tensorflow model Check Failed and can be used to trigger a denial of service attack. A proof of concept can be constructed with the Convolution3DTranspose function. This...

CVE-2023-25661 Denial of Service in TensorFlow

TensorFlow is an Open Source Machine Learning Framework. In versions prior to 2.11.1 a malicious invalid input crashes a tensorflow model Check Failed and can be used to trigger a denial of service attack. A proof of concept can be constructed with the Convolution3DTranspose function. This...

CVE-2023-25661 Denial of Service in TensorFlow

TensorFlow is an Open Source Machine Learning Framework. In versions prior to 2.11.1 a malicious invalid input crashes a tensorflow model Check Failed and can be used to trigger a denial of service attack. A proof of concept can be constructed with the Convolution3DTranspose function. This...

CVE-2023-25661

TensorFlow is an Open Source Machine Learning Framework. In versions prior to 2.11.1 a malicious invalid input crashes a tensorflow model Check Failed and can be used to trigger a denial of service attack. A proof of concept can be constructed with the Convolution3DTranspose function. This...

PT-2023-20222 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.11.1 Description: A malicious invalid input can crash a TensorFlow model and be used to trigger a denial of service attack. This issue can be exploited using the Convolution3DTranspose function, a common API in...

TensorFlow 输入验证错误漏洞

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google, Inc. in the United States. An input validation error vulnerability exists in versions of TensorFlow prior to 2.11.1, which stems from the fact that malicious invalid input can crash a tensorflow mod...

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS when running with XLA, tf.rawops.ParallelConcat segfaults with a nullptr dereference when given a parameter shape with rank that is not greater than zero. PoC import tensorflow as tf func = tf.rawops.ParallelConcat...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference due to a null pointer error in RandomShuffle with XLA enabled. PoC import tensorflow as tf func = tf.rawops.RandomShuffle para = 'value': 1e+20, 'seed': -4294967297, 'seed2': -2147483649...

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS due to a floating point exception in TensorListSplit with XLA. PoC import tensorflow as tf func = tf.rawops.TensorListSplit para = 'tensor': 1, 'elementshape': -1, 'lengths': 0 @tf.functionjitcompile=True def...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference. The function tf.rawops.LookupTableImportV2 cannot handle scalars in the values parameter and gives a null pointer exception. PoC import tensorflow as tf v = tf.Variable1 @tf.functionjitcompile=True def test: fu...