64 matches found
CVE-2021-29570
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.MaxPoolGradWithArgmax can cause reads outside of bounds of heap allocated data if attacker supplies specially crafted inputs. The...
CVE-2021-29563
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service by exploiting a CHECK-failure coming from the implementation of tf.rawops.RFFT. Eigen code operating on an empty matrix can trigger on an assertion and will cause program termination...
CVE-2021-29569
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.MaxPoolGradWithArgmax can cause reads outside of bounds of heap allocated data if attacker supplies specially crafted inputs. The...
CVE-2021-29521
TensorFlow is an end-to-end open source platform for machine learning. Specifying a negative dense shape in tf.rawops.SparseCountSparseOutput results in a segmentation fault being thrown out from the standard library as std::vector invariants are broken. This is because the...
CVE-2021-29530
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a null pointer dereference by providing an invalid permutation to tf.rawops.SparseMatrixSparseCholesky. This is because the...
Design/Logic Flaw
TensorFlow is an end-to-end open source platform for machine learning. The reference implementation of the GatherNd TFLite operator is vulnerable to a division by zero...
PYSEC-2021-253
TensorFlow is an end-to-end open source platform for machine learning. The implementation of TrySimplifyhttps://github.com/tensorflow/tensorflow/blob/c22d88d6ff33031aa113e48aa3fc9aa74ed79595/tensorflow/core/grappler/optimizers/arithmeticoptimizer.ccL390-L401 has undefined behavior due to...
PYSEC-2021-715
TensorFlow is an end-to-end open source platform for machine learning. The reference implementation of the GatherNd TFLite operator is vulnerable to a division by zero...
PYSEC-2021-728
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the DepthwiseConv TFLite operator is vulnerable to a division by zero...
Design/Logic Flaw
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger an integer division by zero undefined behavior in tf.rawops.QuantizedBiasAdd. This is because the implementation of the Eigen...
Code injection
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service by exploiting a CHECK-failure coming from tf.rawops.LoadAndRemapMatrix. This is because the...
Type confusion
TensorFlow is an end-to-end open source platform for machine learning. The API of tf.rawops.SparseCross allows combinations which would result in a CHECK-failure and denial of service. This is because the...
Heap overflow
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow by passing crafted inputs to tf.rawops.StringNGrams. This is because the...
Heap overflow
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.MaxPoolGrad is vulnerable to a heap buffer overflow. The...
PYSEC-2021-252
TensorFlow is an end-to-end open source platform for machine learning. The implementation of ParseAttrValuehttps://github.com/tensorflow/tensorflow/blob/c22d88d6ff33031aa113e48aa3fc9aa74ed79595/tensorflow/core/framework/attrvalueutil.ccL397-L453 can be tricked into stack overflow due to recursion...
PYSEC-2021-499
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.MaxPoolGradWithArgmax can cause reads outside of bounds of heap allocated data if attacker supplies specially crafted inputs. The...
PYSEC-2021-463
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in QuantizedMul by passing in invalid thresholds for the quantization. This is because the...
PYSEC-2021-448
TensorFlow is an end-to-end open source platform for machine learning. Missing validation between arguments to tf.rawops.Conv3DBackprop operations can result in heap buffer overflows. This is because the...
PYSEC-2021-194
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a FPE runtime error in tf.rawops.SparseMatMul. The division by 0 occurs deep in Eigen code because the b tensor is empty. The fix will be included in TensorFlow 2.5.0. We will also...
PYSEC-2021-536
TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in tf.rawops.RaggedTensorToTensor, an attacker can exploit an undefined behavior if input arguments are empty. The...