BIT-TENSORFLOW-2021-29572 Reference binding to nullptr in `SdcaOptimizer`

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.SdcaOptimizer triggers undefined behavior due to dereferencing a null pointer. The...

BIT-TENSORFLOW-2021-29573 Division by 0 in `MaxPoolGradWithArgmax`

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.MaxPoolGradWithArgmax is vulnerable to a division by 0. The...

BIT-TENSORFLOW-2021-29574 Undefined behavior in `MaxPool3DGradGrad`

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.MaxPool3DGradGrad exhibits undefined behavior by dereferencing null pointers backing attacker-supplied empty tensors. The...

BIT-TENSORFLOW-2021-29575 Overflow/denial of service in `tf.raw_ops.ReverseSequence`

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.ReverseSequence allows for stack overflow and/or CHECK-fail based denial of service. The...

BIT-TENSORFLOW-2021-29576 Heap buffer overflow in `MaxPool3DGradGrad`

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.MaxPool3DGradGrad is vulnerable to a heap buffer overflow. The...

BIT-TENSORFLOW-2021-29577 Heap buffer overflow in `AvgPool3DGrad`

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.AvgPool3DGrad is vulnerable to a heap buffer overflow. The...

BIT-TENSORFLOW-2021-29578 Heap buffer overflow in `FractionalAvgPoolGrad`

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.FractionalAvgPoolGrad is vulnerable to a heap buffer overflow. The...

BIT-TENSORFLOW-2021-29579 Heap buffer overflow in `MaxPoolGrad`

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.MaxPoolGrad is vulnerable to a heap buffer overflow. The...

BIT-TENSORFLOW-2021-29580 Undefined behavior and `CHECK`-fail in `FractionalMaxPoolGrad`

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.FractionalMaxPoolGrad triggers an undefined behavior if one of the input tensors is empty. The code is also vulnerable to a denial of service attack as a CHECK condition becomes false and aborts...

BIT-TENSORFLOW-2021-29581 Segfault in `CTCBeamSearchDecoder`

TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in tf.rawops.CTCBeamSearchDecoder, an attacker can trigger denial of service via segmentation faults. The...

BIT-TENSORFLOW-2021-29582 Heap OOB read in `tf.raw_ops.Dequantize`

TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in tf.rawops.Dequantize, an attacker can trigger a read from outside of bounds of heap allocated data. The...

BIT-TENSORFLOW-2021-29583 Heap buffer overflow and undefined behavior in `FusedBatchNorm`

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.FusedBatchNorm is vulnerable to a heap buffer overflow. If the tensors are empty, the same implementation can trigger undefined behavior by dereferencing null pointers. The...

BIT-TENSORFLOW-2021-29584 CHECK-fail due to integer overflow

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in caused by an integer overflow in constructing a new tensor shape. This is because the...

BIT-TENSORFLOW-2021-29585 Division by zero in padding computation in TFLite

TensorFlow is an end-to-end open source platform for machine learning. The TFLite computation for size of output after padding, ComputeOutSizehttps://github.com/tensorflow/tensorflow/blob/0c9692ae7b1671c983569e5d3de5565843d500cf/tensorflow/lite/kernels/padding.hL43-L55, does not check that the...

BIT-TENSORFLOW-2021-29586 Division by zero in optimized pooling implementations in TFLite

TensorFlow is an end-to-end open source platform for machine learning. Optimized pooling implementations in TFLite fail to check that the stride arguments are not 0 before calling...

BIT-TENSORFLOW-2021-29587 Division by zero in TFLite's implementation of `SpaceToDepth`

TensorFlow is an end-to-end open source platform for machine learning. The Prepare step of the SpaceToDepth TFLite operator does not check for 0 before divisionhttps://github.com/tensorflow/tensorflow/blob/5f7975d09eac0f10ed8a17dbb6f5964977725adc/tensorflow/lite/kernels/spacetodepth.ccL63-L67. An...

BIT-TENSORFLOW-2021-29588 Division by zero in TFLite's implementation of `TransposeConv`

TensorFlow is an end-to-end open source platform for machine learning. The optimized implementation of the TransposeConv TFLite operator is vulnerable to a division by zero error. An attacker can craft a model such that strideh,w values are 0. Code calling this function must validate these...

BIT-TENSORFLOW-2021-29589 Division by zero in TFLite's implementation of `GatherNd`

TensorFlow is an end-to-end open source platform for machine learning. The reference implementation of the GatherNd TFLite operator is vulnerable to a division by zero...

BIT-TENSORFLOW-2021-29590 Heap OOB read in TFLite's implementation of `Minimum` or `Maximum`

TensorFlow is an end-to-end open source platform for machine learning. The implementations of the Minimum and Maximum TFLite operators can be used to read data outside of bounds of heap allocated objects, if any of the two input tensor arguments are empty. This is because the broadcasting...

BIT-TENSORFLOW-2021-29591 Stack overflow due to looping TFLite subgraph

TensorFlow is an end-to-end open source platform for machine learning. TFlite graphs must not have loops between nodes. However, this condition was not checked and an attacker could craft models that would result in infinite loop during evaluation. In certain cases, the infinite loop would be...