389 matches found

Snyk
added 2022/11/20 9:8 a.m. · 2 views

Out-of-bounds Read

Overview: Affected versions of this package are vulnerable to Out-of-bounds Read when the BaseCandidateSamplerOp function receives a value in true_classes larger than range_max. Remediation: Upgrade tensorflow-lite to version 2.12.0 or higher. References: GitHub Commit; Vulnerable Code. Credit: Yu...

CVSS 9.1 · AI score 6.9 · EPSS 0.0038
Exploits: 1 · References: 2

Snyk
added 2022/11/20 9:8 a.m. · 2 views

Improper Input Validation

Overview: Affected versions of this package are vulnerable to Improper Input Validation due to a missing check in tf.image.generate_bounding_box_proposals, which receives a scores input that must be of rank 4 when running on GPU. Remediation: Upgrade tensorflow-lite to version 2.12.0 or higher. Referenc...

CVSS 7.5 · AI score 6.8 · EPSS 0.00439
Exploits: 1 · References: 2

Snyk
added 2022/11/20 9:8 a.m. · 2 views

Buffer Overflow

Overview: Affected versions of this package are vulnerable to Buffer Overflow via tf.raw_ops.FusedResizeAndPadConv2D when a large tensor shape is given. Remediation: Upgrade tensorflow-lite to version 2.12.0 or higher. References: GitHub Commit; Vulnerable Code. Credit: Neophytos Christou from SSL ...

CVSS 7.5 · AI score 7 · EPSS 0.0043
Exploits: 1 · References: 2

Snyk
added 2022/11/20 9:8 a.m. · 1 view

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) because the conversions from char to bool are undefined if the char is not 0 or 1. This can happen when printing a tensor: the data is obtained as a const char array and then typecast to the element type. Detail...

CVSS 7.5 · AI score 7 · EPSS 0.00389
Exploits: 0 · References: 2

Snyk
added 2022/11/20 9:8 a.m. · 3 views

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) when ThreadUnsafeUnigramCandidateSampler is given input filterbank_channel_count greater than the allowed max size. Details: Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessib...

CVSS 7.5 · AI score 7 · EPSS 0.0044
Exploits: 1 · References: 2

Snyk
added 2022/11/20 9:8 a.m. · 2 views

Reachable Assertion

Overview: Affected versions of this package are vulnerable to Reachable Assertion when tf.raw_ops.TensorListResize is given a nonscalar value for input size. This results in a CHECK fail, which can be used to trigger a denial of service attack. Remediation: Upgrade tensorflow-lite to version 2.12....

CVSS 7.5 · AI score 6.8 · EPSS 0.00439
Exploits: 1 · References: 3

Snyk
added 2022/11/20 9:8 a.m. · 2 views

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) when FractionMaxPoolGrad is given outsize inputs row_pooling_sequence and col_pooling_sequence. Details: Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and...

CVSS 7.5 · AI score 7 · EPSS 0.0044
Exploits: 1 · References: 2

Snyk
added 2022/11/20 9:8 a.m. · 1 view

Out-of-bounds Read

Overview: Affected versions of this package are vulnerable to Out-of-bounds Read. This occurs if MirrorPadGrad is given outsize input paddings. Remediation: Upgrade tensorflow-lite to version 2.12.0 or higher. References: GitHub Commit; Vulnerable Code. Credit: Vul AI...

CVSS 7.5 · AI score 7 · EPSS 0.0044
Exploits: 1 · References: 2

Snyk
added 2022/11/20 9:8 a.m. · 3 views

Incorrect Calculation of Buffer Size

Overview: Affected versions of this package are vulnerable to Incorrect Calculation of Buffer Size when tf.raw_ops.ResizeNearestNeighborGrad is given a large size input. Remediation: Upgrade tensorflow-lite to version 2.12.0 or higher. References: GitHub Commit; Vulnerable Code. Credit: Neophytos...

CVSS 7.5 · AI score 7 · EPSS 0.0044
Exploits: 1 · References: 3

Snyk
added 2022/11/20 9:8 a.m. · 3 views

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) when tf.raw_ops.TensorListConcat is given element_shape=. Details: Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users. Unlike other...

CVSS 7.5 · AI score 7 · EPSS 0.0043
Exploits: 1 · References: 2

Snyk
added 2022/11/20 9:8 a.m. · 4 views

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) when BCast::ToShape is given input larger than an int32, even though it is supposed to handle up to an int64. Details: Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible...

CVSS 7.5 · AI score 7 · EPSS 0.00439
Exploits: 1 · References: 2

Snyk
added 2022/11/20 9:8 a.m. · 3 views

NULL Pointer Dereference

Overview: Affected versions of this package are vulnerable to NULL Pointer Dereference because the pywrap code fails to parse the tensor and returns a nullptr if a list of quantized tensors is assigned to an attribute. Remediation: Upgrade tensorflow-lite to version 2.12.0 or higher. References -...

CVSS 7.5 · AI score 7.2 · EPSS 0.00404
Exploits: 1 · References: 2

Snyk
added 2022/11/20 9:8 a.m. · 1 view

Buffer Overflow

Overview: Affected versions of this package are vulnerable to Buffer Overflow. The reference kernel of the CONV_3D_TRANSPOSE TensorFlow Lite operator wrongly increments the data_ptr when adding the bias to the result. Instead of data_ptr += num_channels; it should be data_ptr += output_num_channels; as if...

CVSS 8.1 · AI score 8.2 · EPSS 0.00523
Exploits: 1 · References: 2

Snyk
added 2022/11/20 9:8 a.m. · 1 view

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) when an input encoded is not a valid CompositeTensorVariant tensor. This will trigger a segfault in tf.raw_ops.CompositeTensorVariantToComponents. Details: Denial of Service (DoS) describes a family of attacks, all aim...

CVSS 7.5 · AI score 7 · EPSS 0.0049
Exploits: 1 · References: 2

Snyk
added 2022/11/20 9:8 a.m. · 0 views

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS). An input token that is not a UTF-8 bytestring will trigger a CHECK fail in tf.raw_ops.PyFunc. Details: Denial of Service (DoS) describes a family of attacks, all aimed at making a system...

CVSS 7.5 · AI score 7.1 · EPSS 0.0045
Exploits: 1 · References: 2

Snyk
added 2022/11/20 9:8 a.m. · 2 views

Out-of-bounds Write

Overview: Affected versions of this package are vulnerable to Out-of-bounds Write in FractionalMaxAVGPool with illegal pooling_ratio. Attackers can access heap memory that is not in the user's control, leading to a crash or remote code execution. Remediation: Upgrade tensorflow-lite to version 2.12....

CVSS 9.8 · AI score 7.7 · EPSS 0.00579
Exploits: 1 · References: 2

Snyk
added 2022/11/20 9:8 a.m. · 3 views

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) when the input sparse_matrix is not a matrix with a shape with rank 0. As a result, a CHECK fail will be triggered in tf.raw_ops.SparseMatrixNNZ. Details: Denial of Service (DoS) describes a family of attacks, all aimed...

CVSS 7.5 · AI score 7 · EPSS 0.0044
Exploits: 1 · References: 2

Snyk
added 2022/11/20 9:3 a.m. · 2 views

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS). This is due to the inputs dense_features or example_state_data not being of rank 2, which will trigger a CHECK fail in SdcaOptimizer. Details: Denial of Service (DoS) describes a family of attacks, all aimed at making a...

CVSS 7.5 · AI score 7 · EPSS 0.0044
Exploits: 1 · References: 2

CVE
added 2022/11/18 12:0 a.m. · 96 views

CVE-2022-41894

CVE-2022-41894 affects TensorFlow/TFLite CONV_3D_TRANSPOSE reference kernel. The bug increments data_ptr by num_channels instead of output_num_channels, enabling an out-of-bounds write to the bias buffer when input channels exceed output channels. Attack requires using the reference kernel resolv...

CVSS 8.1 · AI score 7.5 · EPSS 0.00523
Exploits: 1 · References: 3 · Affected Software: 1

Positive Technologies
added 2022/11/18 12:0 a.m. · 3 views

PT-2022-26125 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.11; TensorFlow versions 2.10.1 and earlier; TensorFlow versions 2.9.3 and earlier; TensorFlow versions 2.8.4 and earlier. Description: The reference kernel of the CONV_3D_TRANSPOSE TensorFlow Lite operator wrongly...

CVSS 8.1 · AI score 7.9 · EPSS 0.00523
Exploits: 1 · References: 10