Segmentation Fault

tensorflow is vulnerable to Segmentation Fault. The vulnerability is caused due to a defect in a function arrayops.upperbound when not given a rank 2 tensor. It leads to Denial Of Service DOS...

a2grunnerp (>=0.1.0 <=0.1.8), abba-python (>=0.1.6 <=0.3.0) +712 more potentially affected by CVE-2023-33976 via tensorflow (>=1.0.1 <=2.12.0rc1)

tensorflow PYPI version =1.0.1, =0.1.0, =0.1.6, =0.1.0, =1.1.2, =0.0.1, =0.3.26, =1.1.0, =1.8.15, =1.8.17, =0.0.1, =0.1.18, =1.8.14, =2.2.0 and more Source cves: CVE-2023-33976 Source advisory: OSV:GHSA-GJH7-XX4R-X345...

cifar-10-model (=7.4.0), clip-jax (>=0.0.1 <=0.0.4) +9 more potentially affected by CVE-2023-33976 via tensorflow-cpu (>=1.15.0 <=2.11.1)

tensorflow-cpu PYPI version =1.15.0, =0.0.1, =0.2.3, =0.0.5, =1.0.0, =1.8.2, =0.1.3, =0.3.0.dev221212, =0.7.0, =0.7.5 Source cves: CVE-2023-33976 Source advisory: OSV:GHSA-GJH7-XX4R-X345...

arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +156 more potentially affected by CVE-2023-33976 via tensorflow-gpu (>=1.10.1 <=2.12.0)

tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - cctv-analysis =0.0.2 - chatbot-nlu =1.0.0 - classitransformers =0.0.1 and more Source cves: CVE-2023-33976 Source advisory: OSV:GHSA-GJH7-XX4R-X345...

TensorFlow has segfault in array_ops.upper_bound

Impact arrayops.upperbound causes a segfault when not given a rank 2 tensor. Patches We have patched the issue in GitHub commit 915884fdf5df34aaedd00fc6ace33a2cfdefa586. The fix will be included in TensorFlow 2.13. We will also cherrypick this commit in TensorFlow 2.12.1. For more information...

GHSA-GJH7-XX4R-X345 TensorFlow has segfault in array_ops.upper_bound

Impact arrayops.upperbound causes a segfault when not given a rank 2 tensor. Patches We have patched the issue in GitHub commit 915884fdf5df34aaedd00fc6ace33a2cfdefa586. The fix will be included in TensorFlow 2.13. We will also cherrypick this commit in TensorFlow 2.12.1. For more information...

AZL-47242 CVE-2023-33976 affecting package tensorflow for versions less than 2.11.1-2

TensorFlow is an end-to-end open source platform for machine learning. arrayops.upperbound causes a segfault when not given a rank 2 tensor. The fix will be included in TensorFlow 2.13 and will also cherrypick this commit on TensorFlow 2.12...

CVE-2023-33976

TensorFlow is an end-to-end open source platform for machine learning. arrayops.upperbound causes a segfault when not given a rank 2 tensor. The fix will be included in TensorFlow 2.13 and will also cherrypick this commit on TensorFlow 2.12...

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound due to the arrayops.upperbound function. An attacker can cause a denial of service by providing input that is not a rank 2 tensor. Remediation Upgrade tensorflow-lite to version 2.15.0 or higher. Reference...

CVE-2023-33976 TensorFlow segfault in array_ops.upper_bound

TensorFlow is an end-to-end open source platform for machine learning. arrayops.upperbound causes a segfault when not given a rank 2 tensor. The fix will be included in TensorFlow 2.13 and will also cherrypick this commit on TensorFlow 2.12...

CVE-2023-33976

CVE-2023-33976: TensorFlow is vulnerable to a denial-of-service crash due to a segfault in array_ops.upper_bound when not given a rank-2 tensor. The documented root cause is a segfault in array_ops.upper_bound; impact is a crash that can be triggered remotely as described in the advisory. The pub...

CVE-2023-33976 TensorFlow segfault in array_ops.upper_bound

TensorFlow is an end-to-end open source platform for machine learning. arrayops.upperbound causes a segfault when not given a rank 2 tensor. The fix will be included in TensorFlow 2.13 and will also cherrypick this commit on TensorFlow 2.12...

CVE-2023-33976

TensorFlow is an end-to-end open source platform for machine learning. arrayops.upperbound causes a segfault when not given a rank 2 tensor. The fix will be included in TensorFlow 2.13 and will also cherrypick this commit on TensorFlow 2.12...

CVE-2023-33976 TensorFlow segfault in array_ops.upper_bound

TensorFlow is an end-to-end open source platform for machine learning. arrayops.upperbound causes a segfault when not given a rank 2 tensor. The fix will be included in TensorFlow 2.13 and will also cherrypick this commit on TensorFlow 2.12...

PT-2024-12453 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.13 TensorFlow versions 2.12 and earlier Description: The issue is caused by array ops.upper bound when not given a rank 2 tensor, resulting in a segfault. The estimated number of potentially affected devices...

TensorFlow 输入验证错误漏洞

TensorFlow is a suite of end-to-end open source platforms for machine learning open-sourced by TensorFlow. An input validation error vulnerability exists in TensorFlow versions prior to 2.13.0, which stems from arrayops.upperbound causing a segmentation error when a 2nd order tensor is not...

CBL Mariner 2.0 Security Update: libpng / tensorflow (CVE-2022-3857)

The version of libpng / tensorflow installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-3857 advisory. - NIST NVD Details CVE-2022-3857 Note that Nessus has not tested for this issue but has instead...

AZL-43207 CVE-2024-3651 affecting package tensorflow for versions less than 2.16.1-7

A vulnerability was identified in the kjd/idna library, specifically within the idna.encode function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This...

CBL Mariner 2.0 Security Update: rust / tensorflow / curl / mysql (CVE-2023-28319)

The version of rust / tensorflow / curl / mysql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-28319 advisory. - A use after free vulnerability exists in curl v8.1.0 in the way libcurl offers a...

CBL Mariner 2.0 Security Update: tensorflow / rust / curl (CVE-2023-32001)

The version of tensorflow / rust / curl installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-32001 advisory. - Rejected reason: We issued this CVE pre-maturely, as we have subsequently realized that th...