CVE-2021-37669
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using `tf.raw_ops.NonMaxSuppressionV5` by triggering a division by 0. The implementation uses a user controlled argument to resize a...
CVE-2021-37655
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a read from outside of bounds of heap allocated data by sending invalid arguments to `tf.raw_ops.ResourceScatterUpdate`. The implementation has an incomplete validation of the...
PYSEC-2021-775
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to BoostedTreesSparseCalculateBestFeatureSplit. The implementation needs to validate that...
CVE-2021-37661
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause a denial of service in `BoostedTreesCreateQuantileStreamResource` by using negative arguments. The implementation does not validate that `num_streams` only contains non-negative numbers. I...
CVE-2021-37643
TensorFlow is an end-to-end open source platform for machine learning. If a user does not provide a valid padding value to `tf.raw_ops.MatrixDiagPartOp`, then the code triggers a null pointer dereference if input is empty or produces invalid behavior, ignoring all values after the first. The...
PYSEC-2021-265
TensorFlow is an end-to-end open source platform for machine learning. If a user does not provide a valid padding value to `tf.raw_ops.MatrixDiagPartOp`, then the code triggers a null pointer dereference if input is empty or produces invalid behavior, ignoring all values after the first. The...
CVE-2021-37638
TensorFlow is an end-to-end open source platform for machine learning. Sending an invalid argument for `row_partition_types` of the `tf.raw_ops.RaggedTensorToTensor` API results in a null pointer dereference and undefined behavior. The implementation accesses the first element of a user supplied list of values...
PYSEC-2021-748
TensorFlow is an end-to-end open source platform for machine learning. It is possible to trigger a null pointer dereference in TensorFlow by passing an invalid input to `tf.raw_ops.CompressElement`. The implementation was accessing the size of a buffer obtained from the return of a separate function...
PYSEC-2021-754
TensorFlow is an end-to-end open source platform for machine learning. If a user does not provide a valid padding value to `tf.raw_ops.MatrixDiagPartOp`, then the code triggers a null pointer dereference if input is empty or produces invalid behavior, ignoring all values after the first. The...
GHSA-WVJW-P9F5-VQ28 Segfault in `tf.raw_ops.SparseCountSparseOutput`
Impact: Passing invalid arguments (e.g., discovered via fuzzing) to `tf.raw_ops.SparseCountSparseOutput` results in a segfault. Patches: We have patched the issue in GitHub commit 82e6203221865de4008445b13c69b6826d2b28d9. The fix will be included in TensorFlow 2.5.0. We will also cherry-pick this commit on...
GHSA-MMQ6-Q8R3-48FM Crash in `tf.strings.substr` due to `CHECK`-fail
Impact: An attacker can cause a denial of service via `CHECK`-fail in `tf.strings.substr` with invalid arguments: `import tensorflow as tf; tf.strings.substr(input='abc', len=1, pos=[1,-1])` or `import tensorflow as tf; tf.strings.substr(input='abc', len=1, pos=[1,2])`. Patches: We have received a patch fo...
GHSA-JF7H-7M85-W2V2 Integer overflow in TFLite memory allocation
Impact: The TFLite code for allocating `TFLiteIntArray`s is vulnerable to an integer overflow issue: `int TfLiteIntArrayGetSizeInBytes(int size) { static TfLiteIntArray dummy; return sizeof(dummy) + sizeof(dummy.data[0]) * size; }`. An attacker can craft a model such that the size multiplier is so large that the...
GHSA-6QGM-FV6V-RFPV Overflow/denial of service in `tf.raw_ops.ReverseSequence`
Impact: The implementation of `tf.raw_ops.ReverseSequence` allows for stack overflow and/or `CHECK`-fail based denial of service: `import tensorflow as tf; input = tf.zeros([1, 1, 1], dtype=tf.int32); seq_lengths = tf.constant([0], shape=[1], dtype=tf.int32); tf.raw_ops.ReverseSequence(input=input,`...
GHSA-9VPM-RCF4-9WQW Division by 0 in `MaxPoolGradWithArgmax`
Impact: The implementation of `tf.raw_ops.MaxPoolGradWithArgmax` is vulnerable to a division by 0: `import tensorflow as tf; input = tf.constant([], shape=[0, 0, 0, 0], dtype=tf.float32); grad = tf.constant([], shape=[0, 0, 0, 0], dtype=tf.float32); argmax = tf.constant([], shape=[0], dtype=tf.int64); ksize = [1, 1,`...
GHSA-5GQF-456P-4836 Reference binding to nullptr in `SdcaOptimizer`
Impact: The implementation of `tf.raw_ops.SdcaOptimizer` triggers undefined behavior due to dereferencing a null pointer: `import tensorflow as tf; sparse_example_indices = [tf.constant([0], dtype=tf.int64), tf.constant([0], dtype=tf.int64)]; sparse_feature_indices = [tf.constant([], shape=[0, 0, 0, 0],`...
GHSA-545V-42P7-98FQ Heap out of bounds read in `MaxPoolGradWithArgmax`
Impact: The implementation of `tf.raw_ops.MaxPoolGradWithArgmax` can cause reads outside of bounds of heap allocated data if an attacker supplies specially crafted inputs: `import tensorflow as tf; input = tf.constant([10.0, 10.0, 10.0], shape=[1, 1, 3, 1], dtype=tf.float32); grad = tf.constant([10.0, 10.0,`...
GHSA-H9PX-9VQG-222H Heap OOB in `QuantizeAndDequantizeV3`
Impact: An attacker can read data outside of bounds of a heap allocated buffer in `tf.raw_ops.QuantizeAndDequantizeV3`: `import tensorflow as tf; tf.raw_ops.QuantizeAndDequantizeV3(input=[2.5, 2.5], input_min=[0, 0], input_max=[1, 1], num_bits=30, signed_input=False, range_given=False, narrow_range=False, axis=3`...
GHSA-JHQ9-WM9M-CF89 CHECK-failure in `UnsortedSegmentJoin`
Impact: An attacker can cause a denial of service by controlling the values of the `num_segments` tensor argument for `UnsortedSegmentJoin`: `import tensorflow as tf; inputs = tf.constant([], dtype=tf.string); segment_ids = tf.constant([], dtype=tf.int32); num_segments = tf.constant([], dtype=tf.int32); separator = ''`...
GHSA-X83M-P7PV-CH8V Division by 0 in `QuantizedAdd`
Impact: An attacker can cause a runtime division by zero error and denial of service in `tf.raw_ops.QuantizedAdd`: `import tensorflow as tf; x = tf.constant([68, 228], shape=[2, 1], dtype=tf.quint8); y = tf.constant([], shape=[2, 0], dtype=tf.quint8); min_x = tf.constant(10.723421015884028); max_x =`...
GHSA-XGC3-M89P-VR3X Heap buffer overflow in `Conv2DBackpropFilter`
Impact: An attacker can cause a heap buffer overflow to occur in `Conv2DBackpropFilter`: `import tensorflow as tf; input_tensor = tf.constant([386.078431372549, 386.07843139643234], shape=[1, 1, 1, 2], dtype=tf.float32); filter_sizes = tf.constant([1, 1, 1, 1], shape=[4], dtype=tf.int32); out_backprop =`...