CVE-2021-37691

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a division by zero error in LSH implementation. We have patched the issue in GitHub commit 0575b640091680cfb70f4dd93e70658de43b94f9. The fix will be...

BIT-TENSORFLOW-2021-37638 Null pointer dereference in `RaggedTensorToTensor` in TensorFlow

TensorFlow is an end-to-end open source platform for machine learning. Sending invalid argument for rowpartitiontypes of tf.rawops.RaggedTensorToTensor API results in a null pointer dereference and undefined behavior. The implementation accesses the first element of a user supplied list of values...

BIT-TENSORFLOW-2021-37643 Null pointer dereference in `MatrixDiagPartOp` in TensorFlow

TensorFlow is an end-to-end open source platform for machine learning. If a user does not provide a valid padding value to tf.rawops.MatrixDiagPartOp, then the code triggers a null pointer dereference if input is empty or produces invalid behavior, ignoring all values after the first. The...

BIT-TENSORFLOW-2021-37653 Division by 0 in `ResourceGather` in TensorFlow

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a floating point exception in tf.rawops.ResourceGather. The implementation computes the value of a value, batchsize, and then divides by it without checking that this...

BIT-TENSORFLOW-2021-37660 Division by 0 in inplace operations in TensorFlow

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause a floating point exception by calling inplace operations with crafted arguments that would result in a division by 0. The implementation has a logic error: it should skip processing i...

BIT-TENSORFLOW-2021-37669 Crash in NMS ops caused by integer conversion to unsigned in TensorFlow

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using tf.rawops.NonMaxSuppressionV5 by triggering a division by 0. The implementation uses a user controlled argument to resize a...

BIT-TENSORFLOW-2021-37677 Missing validation in shape inference for `Dequantize` in TensorFlow

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the shape inference code for tf.rawops.Dequantize has a vulnerability that could trigger a denial of service via a segfault if an attacker provides invalid arguments. The shape inference implementation use...

BIT-TENSORFLOW-2021-37679 Heap OOB in nested `tf.map_fn` with `RaggedTensor`s in TensorFlow

TensorFlow is an end-to-end open source platform for machine learning. In affected versions it is possible to nest a tf.mapfn within another tf.mapfn call. However, if the input tensor is a RaggedTensor and there is no function signature provided, code assumes the output is a fully specified tens...

BIT-TENSORFLOW-2021-37682 Use of unitialized value in TensorFlow Lite

TensorFlow is an end-to-end open source platform for machine learning. In affected versions all TFLite operations that use quantization can be made to use unitialized values. For example. The issue stems from the fact that quantization.params is only valid if quantization.type is different that...

SUSE CVE-2021-37692

TensorFlow is an end-to-end open source platform for machine learning. In affected versions under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, C.TFTStringDealloc is called during garbage collection within a finalizer function. However, tensor...

alwakeupword (=1.0.0), armadillin (>=0.0.2 <=0.53.0) +42 more potentially affected by CVE-2022-23572 via tensorflow (>=2.6.0 <=2.6.2)

tensorflow PYPI version =2.6.0, =0.0.2, =1.0.1, =0.0.9, =0.2.0, =4.4.0, =1.1.2, =0.2.0, =0.0.1, =1.0.0, =1.1.2 - imgtovar =0.8.5 and more Source cves: CVE-2022-23572 Source advisory: OSV:GHSA-RWW7-2GPW-FV6J...

alwakeupword (=1.0.0), armadillin (>=0.0.2 <=0.53.0) +42 more potentially affected by CVE-2022-23586 via tensorflow (>=2.6.0 <=2.6.2)

tensorflow PYPI version =2.6.0, =0.0.2, =1.0.1, =0.0.9, =0.2.0, =4.4.0, =1.1.2, =0.2.0, =0.0.1, =1.0.0, =1.1.2 - imgtovar =0.8.5 and more Source cves: CVE-2022-23586 Source advisory: OSV:GHSA-43JF-985Q-588J...

alwakeupword (=1.0.0), armadillin (>=0.0.2 <=0.53.0) +35 more potentially affected by CVE-2021-41203 via tensorflow (>=2.6.0 <=2.6.0rc2)

tensorflow PYPI version =2.6.0, =0.0.2, =0.0.9, =0.2.0, =4.4.0, =1.1.2, =0.2.0, =0.0.1, =1.0.0, =0.1.5, =0.2.1 and more Source cves: CVE-2021-41203 Source advisory: OSV:GHSA-7PXJ-M4JF-R6H2...

alwakeupword (=1.0.0), armadillin (>=0.0.2 <=0.53.0) +35 more potentially affected by CVE-2021-41222 via tensorflow (>=2.6.0 <=2.6.0rc2)

tensorflow PYPI version =2.6.0, =0.0.2, =0.0.9, =0.2.0, =4.4.0, =1.1.2, =0.2.0, =0.0.1, =1.0.0, =0.1.5, =0.2.1 and more Source cves: CVE-2021-41222 Source advisory: OSV:PYSEC-2021-414...

alwakeupword (=1.0.0), armadillin (>=0.0.2 <=0.53.0) +35 more potentially affected by CVE-2021-41219 via tensorflow (>=2.6.0 <=2.6.0rc2)

tensorflow PYPI version =2.6.0, =0.0.2, =0.0.9, =0.2.0, =4.4.0, =1.1.2, =0.2.0, =0.0.1, =1.0.0, =0.1.5, =0.2.1 and more Source cves: CVE-2021-41219 Source advisory: OSV:PYSEC-2021-411...

Floating point exception in `SparseDenseCwiseDiv`

Impact The implementation of tf.rawops.SparseDenseCwiseDiv is vulnerable to a division by 0 error: python import tensorflow as tf import numpy as np tf.rawops.SparseDenseCwiseDiv spindices=np.array4, spvalues=np.array-400, spshape=np.array647., dense=np.array0 The implementation uses a common cla...

GHSA-HP4C-X6R7-6555 Floating point exception in `SparseDenseCwiseDiv`

Impact The implementation of tf.rawops.SparseDenseCwiseDiv is vulnerable to a division by 0 error: python import tensorflow as tf import numpy as np tf.rawops.SparseDenseCwiseDiv spindices=np.array4, spvalues=np.array-400, spshape=np.array647., dense=np.array0 The implementation uses a common cla...

GHSA-95XM-G58G-3P88 Integer division by 0 in sparse reshaping

Impact The implementation of tf.rawops.SparseReshape can be made to trigger an integral division by 0 exception: python import tensorflow as tf tf.rawops.SparseReshape inputindices = np.ones1,3, inputshape = np.array1,1,0, newshape = np.array1,0 The implementation calls the reshaping functor...

Integer division by 0 in sparse reshaping

Impact The implementation of tf.rawops.SparseReshape can be made to trigger an integral division by 0 exception: python import tensorflow as tf tf.rawops.SparseReshape inputindices = np.ones1,3, inputshape = np.array1,1,0, newshape = np.array1,0 The implementation calls the reshaping functor...

Null pointer dereference in `MatrixDiagPartOp`

Impact If a user does not provide a valid padding value to tf.rawops.MatrixDiagPartOp, then the code triggers a null pointer dereference if input is empty or produces invalid behavior, ignoring all values after the first: python import tensorflow as tf tf.rawops.MatrixDiagPartV2...