14326 matches found
CVE-2022-41902 Out of bounds write in grappler in Tensorflow
TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We hav...
CVE-2022-41910
TensorFlow CVE-2022-41910 affects MakeGrapplerFunctionItem: if input sizes are >= output sizes, it triggers out-of-bounds memory reads or a crash. A fix was committed (a65411a1d69edfb16b25907ffb8f73556ce36bb7) and will be included in TensorFlow 2.11.0, with cherry-picks planned for 2.8.4, 2.9....
CVE-2022-41902 Out of bounds write in grappler in Tensorflow
TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We hav...
Google TensorFlow 缓冲区错误漏洞
Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A buffer overflow vulnerability exists in versions prior to Google TensorFlow 2.11.0, which can be exploited by attackers to cause out-of-bounds memory reads or crashes...
Google TensorFlow 缓冲区错误漏洞
Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A buffer overflow vulnerability exists in versions prior to Google TensorFlow 2.11.0, which can be exploited by attackers to cause out-of-bounds memory reads or crashes...
CVE-2022-41902
CVE-2022-41902 in TensorFlow describes an out-of-bounds read/crash caused by MakeGrapplerFunctionItem input-size handling. A GitHub commit a65411a1d69edfb16b25907ffb8f73556ce36bb7 fixes the issue, and the fix will be released in TensorFlow 2.11.0. The same patch has been cherry-picked to TensorFl...
CVE-2022-41910 Heap out of bounds read in `QuantizeAndDequantizeV2` in Tensorflow
TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We hav...
CVE-2022-41902 Out of bounds write in grappler in Tensorflow
TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We hav...
CVE-2022-41902
TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We hav...
CVE-2022-41910
TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We hav...
CVE-2022-41910 Heap out of bounds read in `QuantizeAndDequantizeV2` in Tensorflow
TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We hav...
AZL-38755 CVE-2022-35260 affecting package tensorflow for versions less than 2.16.1-1
curl can be told to parse a .netrc file for credentials. If that file endsin a line with 4095 consecutive non-white space letters and no newline, curlwould first read past the end of the stack-based buffer, and if the readworks, write a zero byte beyond its boundary.This will in most cases cause ...
AZL-38548 CVE-2022-32221 affecting package tensorflow for versions less than 2.16.1-1
When doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when the CURLOPTPOSTFIELDS option has been set, if the same handle previously was used to issue a PUT request which used that callback. This flaw may surprise the...
Segfault in `CompositeTensorVariantToComponents` in Tensorflow
...
`CHECK_EQ` fail via input in `SparseMatrixNNZ` in Tensorflow
...
`CHECK` fail via inputs in `SparseFillEmptyRowsGrad` in Tensorflow
...
Buffer overflow in `CONV_3D_TRANSPOSE` on TFLite
...
`CHECK` fail via inputs in `SdcaOptimizer` in Tensorflow
...
Segfault in `tf.raw_ops.TensorListConcat` in Tensorflow
...
`CHECK` fail in `BCast` overflow in Tensorflow
...