GHSA-GQ2J-CR96-GVQX `MirrorPadGrad` heap out of bounds read
Impact: If `MirrorPadGrad` is given outsize input paddings, TensorFlow will give a heap OOB error.
```python
import tensorflow as tf
tf.raw_ops.MirrorPadGrad(input=[1], paddings=[[0x77f00000,0xa000000]], mode = 'REFLECT')
```
Patches: We have patched the issue in GitHub commit 717ca98d8c3bba348ff62281fdf38dcb5ea1ec9...
125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4934 more potentially affected by CVE-2022-41894 via tensorflow (>=1.0.1 <=2.8.3)
tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.5.0, =0.1.6, =1.0.0, =2.0.0, =1.0.0, =0.0.1, =0.0.7 and more Source cves: CVE-2022-41894 Source advisory: OSV:GHSA-H6Q3-VV32-2CQ5...
aimodelshare (>=0.0.157 <=0.1.0), aliby (>=0.1.18 <=0.1.55) +69 more potentially affected by CVE-2022-41894 via tensorflow (>=2.9.0 <=2.9.2)
tensorflow PYPI version =2.9.0, =0.0.157, =0.1.18, =0.1.11, =0.30.0, =0.2.6, =0.0.1, =1.0.0, =0.0.0, =4.8.2, =0.9.0, =0.99.1 - cvt-tensorflow =1.1.4 and more Source cves: CVE-2022-41894 Source advisory: OSV:GHSA-H6Q3-VV32-2CQ5...
Buffer overflow in `CONV_3D_TRANSPOSE` on TFLite
Impact: The reference kernel of the `CONV_3D_TRANSPOSE` TensorFlow Lite operator wrongly increments the `data_ptr` when adding the bias to the result. Instead of `data_ptr += num_channels;` it should be `data_ptr += output_num_channels;` as if the number of input channels is different than the number of output...
aimodelshare (>=0.0.157 <=0.1.0), aliby (>=0.1.18 <=0.1.55) +69 more potentially affected by CVE-2022-41893 via tensorflow (>=2.9.0 <=2.9.2)
tensorflow PYPI version =2.9.0, =0.0.157, =0.1.18, =0.1.11, =0.30.0, =0.2.6, =0.0.1, =1.0.0, =0.0.0, =4.8.2, =0.9.0, =0.99.1 - cvt-tensorflow =1.1.4 and more Source cves: CVE-2022-41893 Source advisory: OSV:GHSA-67PF-62XR-Q35M...
a62-emotion (>=0.10.12 <=0.11.4), aiproteomics (=0.2.1) +98 more potentially affected by CVE-2022-41893 via tensorflow-cpu (>=1.15.0 <=2.7.4)
tensorflow-cpu PYPI version =1.15.0, =0.10.12, =2.0.0, =2.0.0, =1.0.0, =0.0.5, =0.3.0, =0.0.1, =0.8.1, =0.1.1, =1.3.0, =0.1.0.dev1, =0.0.1, =0.3.3 and more Source cves: CVE-2022-41893 Source advisory: OSV:GHSA-67PF-62XR-Q35M...
aggmap (>=1.1.1 <=1.2.1), molmap (>=1.3.1 <=1.4.0) potentially affected by CVE-2022-41893 via tensorflow-gpu (=2.9.1)
tensorflow-gpu PYPI version =2.9.1 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-gpu and may be impacted: - aggmap =1.1.1, =1.3.1, =1.4.0 Source cves: CVE-2022-41893 Source advisory: OSV:GHSA-67PF-62XR-Q35M...
animl (>=1.1.2 <=1.1.4), arekit (>=0.21.0 <=0.22.1) +188 more potentially affected by CVE-2022-41893 via tensorflow-gpu (>=1.10.1 <=2.8.3)
tensorflow-gpu PYPI version =1.10.1, =1.1.2, =0.21.0, =0.23.0, =0.9.2, =1.0.0, =0.1.0, =0.0.1, =0.0.9, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 and more Source cves: CVE-2022-41893 Source advisory: OSV:GHSA-67PF-62XR-Q35M...
125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4934 more potentially affected by CVE-2022-41893 via tensorflow (>=1.0.1 <=2.8.3)
tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.5.0, =0.1.6, =1.0.0, =2.0.0, =1.0.0, =0.0.1, =0.0.7 and more Source cves: CVE-2022-41893 Source advisory: OSV:GHSA-67PF-62XR-Q35M...
clip-jax (=0.0.5), sdeper (>=1.1.0 <=1.6.1) potentially affected by CVE-2022-41893 via tensorflow-cpu (>=2.9.0 <=2.9.1)
tensorflow-cpu PYPI version =2.9.0, =1.1.0, =1.6.1 Source cves: CVE-2022-41893 Source advisory: OSV:GHSA-67PF-62XR-Q35M...
GHSA-67PF-62XR-Q35M `CHECK_EQ` fail in `tf.raw_ops.TensorListResize`
Impact: If `tf.raw_ops.TensorListResize` is given a nonscalar value for input size, it results in a `CHECK` fail which can be used to trigger a denial of service attack.
```python
import numpy as np
import tensorflow as tf
a = data_structures.tf_tensor_list_new(elements = tf.constant(value=[3, 4, 5]))
b = np.zeros([0, 2, ...
```
aggmap (>=1.1.1 <=1.2.1), molmap (>=1.3.1 <=1.4.0) potentially affected by CVE-2022-41891 via tensorflow-gpu (=2.9.1)
tensorflow-gpu PYPI version =2.9.1 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-gpu and may be impacted: - aggmap =1.1.1, =1.3.1, =1.4.0 Source cves: CVE-2022-41891 Source advisory: OSV:GHSA-66VQ-54FQ-6JVV...
aimodelshare (>=0.0.157 <=0.1.0), aliby (>=0.1.18 <=0.1.55) +69 more potentially affected by CVE-2022-41891 via tensorflow (>=2.9.0 <=2.9.2)
tensorflow PYPI version =2.9.0, =0.0.157, =0.1.18, =0.1.11, =0.30.0, =0.2.6, =0.0.1, =1.0.0, =0.0.0, =4.8.2, =0.9.0, =0.99.1 - cvt-tensorflow =1.1.4 and more Source cves: CVE-2022-41891 Source advisory: OSV:GHSA-66VQ-54FQ-6JVV...
a62-emotion (>=0.10.12 <=0.11.4), aiproteomics (=0.2.1) +98 more potentially affected by CVE-2022-41891 via tensorflow-cpu (>=1.15.0 <=2.7.4)
tensorflow-cpu PYPI version =1.15.0, =0.10.12, =2.0.0, =2.0.0, =1.0.0, =0.0.5, =0.3.0, =0.0.1, =0.8.1, =0.1.1, =1.3.0, =0.1.0.dev1, =0.0.1, =0.3.3 and more Source cves: CVE-2022-41891 Source advisory: OSV:GHSA-66VQ-54FQ-6JVV...
clip-jax (=0.0.5), sdeper (>=1.1.0 <=1.6.1) potentially affected by CVE-2022-41891 via tensorflow-cpu (>=2.9.0 <=2.9.1)
tensorflow-cpu PYPI version =2.9.0, =1.1.0, =1.6.1 Source cves: CVE-2022-41891 Source advisory: OSV:GHSA-66VQ-54FQ-6JVV...
animl (>=1.1.2 <=1.1.4), arekit (>=0.21.0 <=0.22.1) +188 more potentially affected by CVE-2022-41891 via tensorflow-gpu (>=1.10.1 <=2.8.3)
tensorflow-gpu PYPI version =1.10.1, =1.1.2, =0.21.0, =0.23.0, =0.9.2, =1.0.0, =0.1.0, =0.0.1, =0.0.9, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 and more Source cves: CVE-2022-41891 Source advisory: OSV:GHSA-66VQ-54FQ-6JVV...
GHSA-66VQ-54FQ-6JVV Segfault in `tf.raw_ops.TensorListConcat`
Impact: If `tf.raw_ops.TensorListConcat` is given `element_shape=[]`, it results in a segmentation fault which can be used to trigger a denial of service attack.
```python
import tensorflow as tf
tf.raw_ops.TensorListConcat(input_handle=tf.data.experimental.to_variant(tf.data.Dataset.from_tensor_slices([1, 2, 3])),...
```
125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4934 more potentially affected by CVE-2022-41891 via tensorflow (>=1.0.1 <=2.8.3)
tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.5.0, =0.1.6, =1.0.0, =2.0.0, =1.0.0, =0.0.1, =0.0.7 and more Source cves: CVE-2022-41891 Source advisory: OSV:GHSA-66VQ-54FQ-6JVV...