SUSE CVE-2023-25674

TensorFlow is an open source machine learning platform. Versions prior to 2.12.0 and 2.11.1 have a null pointer error in RandomShuffle with XLA enabled. A fix is included in TensorFlow 2.12.0 and 2.11.1...

SUSE CVE-2023-25675

TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, tf.rawops.Bincount segfaults when given a parameter weights that is neither the same shape as parameter arr nor a length-0 tensor. A fix is included in TensorFlow 2.12.0 and 2.11.1...

SUSE CVE-2023-25676

TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, tf.rawops.ParallelConcat segfaults with a nullptr dereference when given a parameter shape with rank that is not greater than zero. A fix is available in TensorFlow 2.12.0 and 2.11.1...

SUSE CVE-2023-25801

TensorFlow is an open source machine learning platform. Prior to versions 2.12.0 and 2.11.1, nnops.fractionalavgpoolv2 and nnops.fractionalmaxpoolv2 require the first and fourth elements of their parameter poolingratio to be equal to 1.0, as pooling on batch and channel dimensions is not supporte...

SUSE CVE-2023-27579

TensorFlow is an end-to-end open source platform for machine learning. Constructing a tflite model with a paramater filterinputchannel of less than 1 gives a FPE. This issue has been patched in version 2.12. TensorFlow will also cherrypick the fix commit on TensorFlow 2.11.1...

a2grunnerp (>=0.1.0 <=0.1.8), abba-python (>=0.1.6 <=0.3.0) +607 more potentially affected by CVE-2023-25661 via tensorflow (>=1.0.1 <=2.11.0rc2)

tensorflow PYPI version =1.0.1, =0.1.0, =0.1.6, =1.1.2, =0.0.1, =0.3.26, =1.1.0, =0.0.1, =0.2.0, =0.3.1, =0.5.1 and more Source cves: CVE-2023-25661 Source advisory: OSV:GHSA-FXGC-95XX-GRVQ...

cifar-10-model (=7.4.0), gamornet-cpu (>=0.2.3 <=0.4.3) +8 more potentially affected by CVE-2023-25661 via tensorflow-cpu (>=1.15.0 <=2.11.0)

tensorflow-cpu PYPI version =1.15.0, =0.2.3, =0.0.5, =1.0.0, =1.8.2, =0.1.3, =0.3.0.dev221212, =0.7.0, =0.7.5 Source cves: CVE-2023-25661 Source advisory: OSV:GHSA-FXGC-95XX-GRVQ...

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS due to a malicious invalid input with zero dimension, which crashes a TensorFlow model Check Failed. Note: An attacker must have privilege to provide input to a Convolution3DTranspose call. PoC import tensorflow as...

GHSA-FXGC-95XX-GRVQ TensorFlow Denial of Service vulnerability

Impact A malicious invalid input crashes a tensorflow model Check Failed and can be used to trigger a denial of service attack. To minimize the bug, we built a simple single-layer TensorFlow model containing a Convolution3DTranspose layer, which works well with expected inputs and can be deployed...

TensorFlow Denial of Service vulnerability

Impact A malicious invalid input crashes a tensorflow model Check Failed and can be used to trigger a denial of service attack. To minimize the bug, we built a simple single-layer TensorFlow model containing a Convolution3DTranspose layer, which works well with expected inputs and can be deployed...

AZL-31197 CVE-2023-25661 affecting package tensorflow for versions less than 2.11.1-1

TensorFlow is an Open Source Machine Learning Framework. In versions prior to 2.11.1 a malicious invalid input crashes a tensorflow model Check Failed and can be used to trigger a denial of service attack. A proof of concept can be constructed with the Convolution3DTranspose function. This...

CVE-2023-25661

TensorFlow is an Open Source Machine Learning Framework. In versions prior to 2.11.1 a malicious invalid input crashes a tensorflow model Check Failed and can be used to trigger a denial of service attack. A proof of concept can be constructed with the Convolution3DTranspose function. This...

Stack overflow

TensorFlow is an Open Source Machine Learning Framework. In versions prior to 2.11.1 a malicious invalid input crashes a tensorflow model Check Failed and can be used to trigger a denial of service attack. A proof of concept can be constructed with the Convolution3DTranspose function. This...

CVE-2023-25661 Denial of Service in TensorFlow

TensorFlow is an Open Source Machine Learning Framework. In versions prior to 2.11.1 a malicious invalid input crashes a tensorflow model Check Failed and can be used to trigger a denial of service attack. A proof of concept can be constructed with the Convolution3DTranspose function. This...

CVE-2023-25661 Denial of Service in TensorFlow

TensorFlow is an Open Source Machine Learning Framework. In versions prior to 2.11.1 a malicious invalid input crashes a tensorflow model Check Failed and can be used to trigger a denial of service attack. A proof of concept can be constructed with the Convolution3DTranspose function. This...

CVE-2023-25661

CVE-2023-25661: TensorFlow denial-of-service due to improper input validation in Convolution3DTranspose. A crafted input can crash the model in versions before 2.11.1 (PoC demonstrated via Convolution3DTranspose). The issue has been patched; upgrade to TensorFlow 2.11.1 or later. IBM advisories (...

CVE-2023-25661 Denial of Service in TensorFlow

TensorFlow is an Open Source Machine Learning Framework. In versions prior to 2.11.1 a malicious invalid input crashes a tensorflow model Check Failed and can be used to trigger a denial of service attack. A proof of concept can be constructed with the Convolution3DTranspose function. This...

CVE-2023-25661

TensorFlow is an Open Source Machine Learning Framework. In versions prior to 2.11.1 a malicious invalid input crashes a tensorflow model Check Failed and can be used to trigger a denial of service attack. A proof of concept can be constructed with the Convolution3DTranspose function. This...

TensorFlow 输入验证错误漏洞

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google, Inc. in the United States. An input validation error vulnerability exists in versions of TensorFlow prior to 2.11.1, which stems from the fact that malicious invalid input can crash a tensorflow mod...

PT-2023-20222 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.11.1 Description: A malicious invalid input can crash a TensorFlow model and be used to trigger a denial of service attack. This issue can be exploited using the Convolution3DTranspose function, a common API in...