GHSA-8W5G-3WCV-9G2J Tensorflow vulnerable to Out-of-Bounds Read

Impact When the BaseCandidateSamplerOp function receives a value in trueclasses larger than rangemax, a heap oob vuln occurs. python tf.rawops.ThreadUnsafeUnigramCandidateSampler trueclasses=0x100000,1, numtrue = 2, numsampled = 2, unique = False, rangemax = 2, seed = 2, seed2 = 2 Patches We have...

Tensorflow vulnerable to Out-of-Bounds Read

Impact When the BaseCandidateSamplerOp function receives a value in trueclasses larger than rangemax, a heap oob vuln occurs. python tf.rawops.ThreadUnsafeUnigramCandidateSampler trueclasses=0x100000,1, numtrue = 2, numsampled = 2, unique = False, rangemax = 2, seed = 2, seed2 = 2 Patches We have...

Google TensorFlow buffer overflow vulnerability (CNVD-2022-80696)

Google TensorFlow is an end-to-end open source platform for machine learning from Google Google. Google TensorFlow is vulnerable to a buffer overflow vulnerability that originates when an operation with a specified input size receives a different number of inputs, and the executor will crash. No...

125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4934 more potentially affected by unknown CVE via tensorflow (>=1.0.1 <=2.8.3)

tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.5.0, =0.1.6, =1.0.0, =2.0.0, =1.0.0, =0.0.1, =0.0.7 and more Source cves: unknown CVE Source advisory: OSV:GHSA-CQVQ-FVHR-V6HC...

aimodelshare (>=0.0.157 <=0.1.0), aliby (>=0.1.18 <=0.1.55) +69 more potentially affected by unknown CVE via tensorflow (>=2.9.0 <=2.9.2)

tensorflow PYPI version =2.9.0, =0.0.157, =0.1.18, =0.1.11, =0.30.0, =0.2.6, =0.0.1, =1.0.0, =0.0.0, =4.8.2, =0.9.0, =0.99.1 - cvt-tensorflow =1.1.4 and more Source cves: unknown CVE Source advisory: OSV:GHSA-CQVQ-FVHR-V6HC...

clip-jax (=0.0.5), sdeper (>=1.1.0 <=1.6.1) potentially affected by unknown CVE via tensorflow-cpu (>=2.9.0 <=2.9.1)

tensorflow-cpu PYPI version =2.9.0, =1.1.0, =1.6.1 Source cves: unknown CVE Source advisory: OSV:GHSA-CQVQ-FVHR-V6HC...

animl (>=1.1.2 <=1.1.4), arekit (>=0.21.0 <=0.22.1) +188 more potentially affected by unknown CVE via tensorflow-gpu (>=1.10.1 <=2.8.3)

tensorflow-gpu PYPI version =1.10.1, =1.1.2, =0.21.0, =0.23.0, =0.9.2, =1.0.0, =0.1.0, =0.0.1, =0.0.9, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-CQVQ-FVHR-V6HC...

aggmap (>=1.1.1 <=1.2.1), molmap (>=1.3.1 <=1.4.0) potentially affected by unknown CVE via tensorflow-gpu (=2.9.1)

tensorflow-gpu PYPI version =2.9.1 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-gpu and may be impacted: - aggmap =1.1.1, =1.3.1, =1.4.0 Source cves: unknown CVE Source advisory: OSV:GHSA-CQVQ-FVHR-V6HC...

GHSA-CQVQ-FVHR-V6HC `CHECK` failure in `SobolSample` via missing validation

Impact Another instance of CVE-2022-35935, where SobolSample is vulnerable to a denial of service via assumed scalar inputs, was found and fixed. python import tensorflow as tf tf.rawops.SobolSampledim=tf.constant1,0, numresults=tf.constant1, skip=tf.constant1 Patches We have patched the issue in...

a62-emotion (>=0.10.12 <=0.11.4), aiproteomics (=0.2.1) +98 more potentially affected by unknown CVE via tensorflow-cpu (>=1.15.0 <=2.7.4)

tensorflow-cpu PYPI version =1.15.0, =0.10.12, =2.0.0, =2.0.0, =1.0.0, =0.0.5, =0.3.0, =0.0.1, =0.8.1, =0.1.1, =1.3.0, =0.1.0.dev1, =0.0.1, =0.3.3 and more Source cves: unknown CVE Source advisory: OSV:GHSA-CQVQ-FVHR-V6HC...

`CHECK` failure in `SobolSample` via missing validation

Impact Another instance of CVE-2022-35935, where SobolSample is vulnerable to a denial of service via assumed scalar inputs, was found and fixed. python import tensorflow as tf tf.rawops.SobolSampledim=tf.constant1,0, numresults=tf.constant1, skip=tf.constant1 Patches We have patched the issue in...

a62-emotion (>=0.10.12 <=0.11.4), aiproteomics (=0.2.1) +98 more potentially affected by unknown CVE via tensorflow-cpu (>=1.15.0 <=2.7.4)

tensorflow-cpu PYPI version =1.15.0, =0.10.12, =2.0.0, =2.0.0, =1.0.0, =0.0.5, =0.3.0, =0.0.1, =0.8.1, =0.1.1, =1.3.0, =0.1.0.dev1, =0.0.1, =0.3.3 and more Source cves: unknown CVE Source advisory: OSV:GHSA-XF83-Q765-XM6M...

clip-jax (=0.0.5), sdeper (>=1.1.0 <=1.6.1) potentially affected by unknown CVE via tensorflow-cpu (>=2.9.0 <=2.9.1)

tensorflow-cpu PYPI version =2.9.0, =1.1.0, =1.6.1 Source cves: unknown CVE Source advisory: OSV:GHSA-XF83-Q765-XM6M...

aggmap (>=1.1.1 <=1.2.1), molmap (>=1.3.1 <=1.4.0) potentially affected by unknown CVE via tensorflow-gpu (=2.9.1)

tensorflow-gpu PYPI version =2.9.1 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-gpu and may be impacted: - aggmap =1.1.1, =1.3.1, =1.4.0 Source cves: unknown CVE Source advisory: OSV:GHSA-XF83-Q765-XM6M...

animl (>=1.1.2 <=1.1.4), arekit (>=0.21.0 <=0.22.1) +188 more potentially affected by unknown CVE via tensorflow-gpu (>=1.10.1 <=2.8.3)

tensorflow-gpu PYPI version =1.10.1, =1.1.2, =0.21.0, =0.23.0, =0.9.2, =1.0.0, =0.1.0, =0.0.1, =0.0.9, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-XF83-Q765-XM6M...

125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4934 more potentially affected by unknown CVE via tensorflow (>=1.0.1 <=2.8.3)

tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.5.0, =0.1.6, =1.0.0, =2.0.0, =1.0.0, =0.0.1, =0.0.7 and more Source cves: unknown CVE Source advisory: OSV:GHSA-XF83-Q765-XM6M...

aimodelshare (>=0.0.157 <=0.1.0), aliby (>=0.1.18 <=0.1.55) +69 more potentially affected by unknown CVE via tensorflow (>=2.9.0 <=2.9.2)

tensorflow PYPI version =2.9.0, =0.0.157, =0.1.18, =0.1.11, =0.30.0, =0.2.6, =0.0.1, =1.0.0, =0.0.0, =4.8.2, =0.9.0, =0.99.1 - cvt-tensorflow =1.1.4 and more Source cves: unknown CVE Source advisory: OSV:GHSA-XF83-Q765-XM6M...

GHSA-XF83-Q765-XM6M `CHECK` fail in `TensorListScatter` and `TensorListScatterV2` in eager mode

Impact Another instance of CVE-2022-35991, where TensorListScatter and TensorListScatterV2 crash via non scalar inputs inelementshape, was found in eager mode and fixed. python import tensorflow as tf arg0=tf.random.uniformshape=2, 2, 2, dtype=tf.float16, maxval=None arg1=tf.random.uniformshape=2...

`CHECK` fail in `TensorListScatter` and `TensorListScatterV2` in eager mode

Impact Another instance of CVE-2022-35991, where TensorListScatter and TensorListScatterV2 crash via non scalar inputs inelementshape, was found in eager mode and fixed. python import tensorflow as tf arg0=tf.random.uniformshape=2, 2, 2, dtype=tf.float16, maxval=None arg1=tf.random.uniformshape=2...

125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4934 more potentially affected by CVE-2022-41911 via tensorflow (>=1.0.1 <=2.8.3)

tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.5.0, =0.1.6, =1.0.0, =2.0.0, =1.0.0, =0.0.1, =0.0.7 and more Source cves: CVE-2022-41911 Source advisory: OSV:GHSA-PF36-R9C6-H97J...