389 matches found
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read when the BaseCandidateSamplerOp function receives a value in trueclasses larger than rangemax. Remediation Upgrade tensorflow-lite to version 2.12.0 or higher. References - GitHub Commit - Vulnerable Code Credit: Yu...
Improper Input Validation
Overview Affected versions of this package are vulnerable to Improper Input Validation due to a missing check of tf.image.generateboundingboxproposals that receives a scores input that must be of rank 4 when running on GPU. Remediation Upgrade tensorflow-lite to version 2.12.0 or higher. Referenc...
Buffer Overflow
Overview Affected versions of this package are vulnerable to Buffer Overflow via tf.rawops.FusedResizeAndPadConv2D when a large tensor shape is given. Remediation Upgrade tensorflow-lite to version 2.12.0 or higher. References - GitHub Commit - Vulnerable Code Credit: Neophytos Christou from SSL ...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS because the conversions from char to bool are undefined if the char is not 0 or 1. This can happen when printing a tensor: the data is got as a const char array and then it is typecasted to the element type. Detail...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS when ThreadUnsafeUnigramCandidateSampler is given input filterbankchannelcount greater than the allowed max size. Details Denial of Service DoS describes a family of attacks, all aimed at making a system inaccessib...
Reachable Assertion
Overview Affected versions of this package are vulnerable to Reachable Assertion when tf.rawops.TensorListResize is given a nonscalar value for input size. It will results in a CHECK fail which can be used to trigger a denial of service attack. Remediation Upgrade tensorflow-lite to version 2.12....
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS when FractionMaxPoolGrad is given outsize inputs rowpoolingsequence and colpoolingsequence. Details Denial of Service DoS describes a family of attacks, all aimed at making a system inaccessible to its intended and...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read. This is If MirrorPadGrad is given outsize input paddings. Remediation Upgrade tensorflow-lite to version 2.12.0 or higher. References - GitHub Commit - Vulnerable Code Credit: Vul AI...
Incorrect Calculation of Buffer Size
Overview Affected versions of this package are vulnerable to Incorrect Calculation of Buffer Size when tf.rawops.ResizeNearestNeighborGrad is given a large size input. Remediation Upgrade tensorflow-lite to version 2.12.0 or higher. References - GitHub Commit - Vulnerable Code Credit: Neophytos...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS when tf.rawops.TensorListConcat is given elementshape=. Details Denial of Service DoS describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users. Unlike other...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS when BCast::ToShape is given input larger than an int32, even if it is being supposed to handle up to an int64. Details Denial of Service DoS describes a family of attacks, all aimed at making a system inaccessible...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference because the pywrap code fails to parse the tensor and returns a nullptr if a list of quantized tensors is assigned to an attribute. Remediation Upgrade tensorflow-lite to version 2.12.0 or higher. References -...
Buffer Overflow
Overview Affected versions of this package are vulnerable to Buffer Overflow. The reference kernel of the CONV3DTRANSPOSE TensorFlow Lite operator wrongly increments the dataptr when adding the bias to the result. Instead of dataptr += numchannels; it should be dataptr += outputnumchannels; as if...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS when an input encoded is not a valid CompositeTensorVariant tensor. This will trigger a segfault in tf.rawops.CompositeTensorVariantToComponents. Details Denial of Service DoS describes a family of attacks, all aim...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS. This is vulnerable when an input token that is not a UTF-8 bytestring will trigger a CHECK fail in tf.rawops.PyFunc. Details Denial of Service DoS describes a family of attacks, all aimed at making a system...
Out-of-bounds Write
Overview Affected versions of this package are vulnerable to Out-of-bounds Write in FractionalMaxAVGPool with illegal poolingratio. Attackers can access heap memory that is not in the user's control, leading to a crash or remote code execution. Remediation Upgrade tensorflow-lite to version 2.12....
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS when the input sparsematrix is not a matrix with a shape with rank 0. As a result, a CHECK fail will be triggered in tf.rawops.SparseMatrixNNZ. Details Denial of Service DoS describes a family of attacks, all aimed...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS. This is due to the inputs densefeatures or examplestatedata not being of rank 2 which will trigger a CHECK fail in SdcaOptimizer. Details Denial of Service DoS describes a family of attacks, all aimed at making a...
CVE-2022-41894
CVE-2022-41894 affects TensorFlow/TFLite CONV_3D_TRANSPOSE reference kernel. The bug increments data_ptr by num_channels instead of output_num_channels, enabling an out-of-bounds write to the bias buffer when input channels exceed output channels. Attack requires using the reference kernel resolv...
PT-2022-26125 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.11 TensorFlow versions 2.10.1 and earlier TensorFlow versions 2.9.3 and earlier TensorFlow versions 2.8.4 and earlier Description: The reference kernel of the CONV 3D TRANSPOSE TensorFlow Lite operator wrongly...