14326 matches found

vulnersOsv
added 2022/11/21 8:40 p.m. · 3 views

clip-jax (=0.0.5) potentially affected by CVE-2022-41885 via tensorflow-cpu (=2.9.0)

tensorflow-cpu PYPI version =2.9.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-cpu and may be impacted: - clip-jax =0.0.5 Source cves: CVE-2022-41885 Source advisory: OSV:GHSA-762H-VPVW-3RCX...

CVSS 7.5 · AI score 7.1 · EPSS 0.0043
Exploits: 1

vulnersOsv
added 2022/11/21 8:40 p.m. · 6 views

animl (>=1.1.2 <=1.1.4), arekit (>=0.21.0 <=0.22.1) +183 more potentially affected by CVE-2022-41885 via tensorflow-gpu (>=1.10.1 <=2.7.2)

tensorflow-gpu PYPI version =1.10.1, =1.1.2, =0.21.0, =0.23.0, =0.9.2, =1.0.0, =0.1.0, =0.0.1, =0.0.9, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 and more Source cves: CVE-2022-41885 Source advisory: OSV:GHSA-762H-VPVW-3RCX...

CVSS 7.5 · AI score 7.1 · EPSS 0.0043
Exploits: 1

vulnersOsv
added 2022/11/21 8:40 p.m. · 4 views

a62-emotion (>=0.10.12 <=0.11.4), aiproteomics (=0.2.1) +98 more potentially affected by CVE-2022-41885 via tensorflow-cpu (>=1.15.0 <=2.7.0)

tensorflow-cpu PYPI version =1.15.0, =0.10.12, =2.0.0, =2.0.0, =1.0.0, =0.0.5, =0.3.0, =0.0.1, =0.8.1, =0.1.1, =1.3.0, =0.1.0.dev1, =0.0.1, =0.3.3 and more Source cves: CVE-2022-41885 Source advisory: OSV:GHSA-762H-VPVW-3RCX...

CVSS 7.5 · AI score 7.1 · EPSS 0.0043
Exploits: 1

Github Security Blog
added 2022/11/21 8:40 p.m. · 26 views

Overflow in `FusedResizeAndPadConv2D`

Impact: When `tf.raw_ops.FusedResizeAndPadConv2D` is given a large tensor shape, it overflows.

```python
import tensorflow as tf
mode = "REFLECT"
strides = [1, 1, 1, 1]
padding = "SAME"
resize_align_corners = False
input = tf.constant(147, shape=[3,3,1,1], dtype=tf.float16)
size = ...  # snippet truncated in the listing
```

CVSS 7.5 · AI score 7.2 · EPSS 0.0043
Exploits: 1 · References: 5 · Affected Software: 3

vulnersOsv
added 2022/11/21 8:39 p.m. · 2 views

125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4934 more potentially affected by CVE-2022-41884 via tensorflow (>=1.0.1 <=2.8.3)

tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.5.0, =0.1.6, =1.0.0, =2.0.0, =1.0.0, =0.0.1, =0.0.7 and more Source cves: CVE-2022-41884 Source advisory: OSV:GHSA-JQ6X-99HJ-Q636...

CVSS 7.5 · AI score 7.2 · EPSS 0.0033
Exploits: 1

vulnersOsv
added 2022/11/21 8:39 p.m. · 1 views

a62-emotion (>=0.10.12 <=0.11.4), aiproteomics (=0.2.1) +98 more potentially affected by CVE-2022-41884 via tensorflow-cpu (>=1.15.0 <=2.7.4)

tensorflow-cpu PYPI version =1.15.0, =0.10.12, =2.0.0, =2.0.0, =1.0.0, =0.0.5, =0.3.0, =0.0.1, =0.8.1, =0.1.1, =1.3.0, =0.1.0.dev1, =0.0.1, =0.3.3 and more Source cves: CVE-2022-41884 Source advisory: OSV:GHSA-JQ6X-99HJ-Q636...

CVSS 7.5 · AI score 7.1 · EPSS 0.0033
Exploits: 1

vulnersOsv
added 2022/11/21 8:39 p.m. · 3 views

aimodelshare (>=0.0.157 <=0.1.0), aliby (>=0.1.18 <=0.1.55) +69 more potentially affected by CVE-2022-41884 via tensorflow (>=2.9.0 <=2.9.2)

tensorflow PYPI version =2.9.0, =0.0.157, =0.1.18, =0.1.11, =0.30.0, =0.2.6, =0.0.1, =1.0.0, =0.0.0, =4.8.2, =0.9.0, =0.99.1 - cvt-tensorflow =1.1.4 and more Source cves: CVE-2022-41884 Source advisory: OSV:GHSA-JQ6X-99HJ-Q636...

CVSS 7.5 · AI score 7.1 · EPSS 0.0033
Exploits: 1

vulnersOsv
added 2022/11/21 8:39 p.m. · 4 views

clip-jax (=0.0.5), sdeper (>=1.1.0 <=1.6.1) potentially affected by CVE-2022-41884 via tensorflow-cpu (>=2.9.0 <=2.9.1)

tensorflow-cpu PYPI version =2.9.0, =1.1.0, =1.6.1 Source cves: CVE-2022-41884 Source advisory: OSV:GHSA-JQ6X-99HJ-Q636...

CVSS 7.5 · AI score 7.1 · EPSS 0.0033
Exploits: 1

OSV
added 2022/11/21 8:39 p.m. · 3 views

GHSA-JQ6X-99HJ-Q636 Seg fault in `ndarray_tensor_bridge` due to zero and large inputs

Impact: If a numpy array is created with a shape such that one element is zero and the others sum to a large number, an error will be raised. E.g. the following raises an error: `np.ones((0, 2**31, 2**31))`. An example of a proof of concept:

```python
import numpy as np
import tensorflow as tf
input_val = ...  # snippet truncated in the listing
```

CVSS 4.8 · AI score 7 · EPSS 0.0033
Exploits: 1 · References: 4

vulnersOsv
added 2022/11/21 8:39 p.m. · 3 views

aggmap (>=1.1.1 <=1.2.1), molmap (>=1.3.1 <=1.4.0) potentially affected by CVE-2022-41884 via tensorflow-gpu (=2.9.1)

tensorflow-gpu PYPI version =2.9.1 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-gpu and may be impacted: - aggmap =1.1.1, =1.3.1, =1.4.0 Source cves: CVE-2022-41884 Source advisory: OSV:GHSA-JQ6X-99HJ-Q636...

CVSS 7.5 · AI score 7.1 · EPSS 0.0033
Exploits: 1

Github Security Blog
added 2022/11/21 8:39 p.m. · 31 views

Seg fault in `ndarray_tensor_bridge` due to zero and large inputs

Impact: If a numpy array is created with a shape such that one element is zero and the others sum to a large number, an error will be raised. E.g. the following raises an error: `np.ones((0, 2**31, 2**31))`. An example of a proof of concept:

```python
import numpy as np
import tensorflow as tf
input_val = ...  # snippet truncated in the listing
```

CVSS 7.5 · AI score 7.5 · EPSS 0.0033
Exploits: 1 · References: 4 · Affected Software: 3

vulnersOsv
added 2022/11/21 8:39 p.m. · 4 views

animl (>=1.1.2 <=1.1.4), arekit (>=0.21.0 <=0.22.1) +188 more potentially affected by CVE-2022-41884 via tensorflow-gpu (>=1.10.1 <=2.8.3)

tensorflow-gpu PYPI version =1.10.1, =1.1.2, =0.21.0, =0.23.0, =0.9.2, =1.0.0, =0.1.0, =0.0.1, =0.0.9, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 and more Source cves: CVE-2022-41884 Source advisory: OSV:GHSA-JQ6X-99HJ-Q636...

CVSS 7.5 · AI score 7.1 · EPSS 0.0033
Exploits: 1

Github Security Blog
added 2022/11/21 8:39 p.m. · 30 views

Out of bounds segmentation fault due to unequal op inputs in Tensorflow

Impact: `tf.raw_ops.DynamicStitch` specifies input sizes when it is registered.

```cpp
REGISTER_OP("DynamicStitch")
    .Input("indices: N * int32")
    .Input("data: N * T")
    .Output("merged: T")
    .Attr("N : int >= 1")
    .Attr("T : type")
    .SetShapeFn(DynamicStitchShapeFunction);
```

When it receives a differing number of inputs, such as...

CVSS 7.5 · AI score 7.5 · EPSS 0.0035
Exploits: 1 · References: 6 · Affected Software: 3

OSV
added 2022/11/21 8:39 p.m. · 1 views

GHSA-W58W-79XV-6VCJ Out of bounds segmentation fault due to unequal op inputs in Tensorflow

Impact: `tf.raw_ops.DynamicStitch` specifies input sizes when it is registered.

```cpp
REGISTER_OP("DynamicStitch")
    .Input("indices: N * int32")
    .Input("data: N * T")
    .Output("merged: T")
    .Attr("N : int >= 1")
    .Attr("T : type")
    .SetShapeFn(DynamicStitchShapeFunction);
```

When it receives a differing number of inputs, such as...

CVSS 6.8 · AI score 7 · EPSS 0.0035
Exploits: 1 · References: 6

Veracode
added 2022/11/21 11:51 a.m. · 23 views

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service. The vulnerability exists in the FusedResizeAndPadConv2D function of nnops.cc due to improper buffer size checking which allows an attacker to cause an application crash by providing malicious input...

CVSS 7.5 · AI score 7.1 · EPSS 0.0043
Exploits: 1 · References: 9 · Affected Software: 3

FreeBSD
added 2022/11/21 12:0 a.m. · 23 views

py-tensorflow -- denial of service vulnerability

Kang Hong Jin, Neophytos Christou, 刘力源 and Pattarakrit Rattankul report: Another instance of CVE-2022-35935, where SobolSample is vulnerable to a denial of service via assumed scalar inputs, was found and fixed. Pattarakrit Rattankul reports: Another instance of CVE-2022-35991, where...

CVSS 7.5 · AI score 7.4 · EPSS 0.00421
Exploits: 0 · References: 2

Positive Technologies
added 2022/11/21 12:0 a.m. · 4 views

PT-2022-26134 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.11.0. TensorFlow versions 2.8.4, 2.9.3, and 2.10.1 are affected, but will be patched with a cherrypick commit. Description: The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs...

CVSS 9.1 · AI score 9 · EPSS 0.00449
Exploits: 0 · References: 9

Positive Technologies
added 2022/11/21 12:0 a.m. · 2 views

PT-2022-26141 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.11.0; TensorFlow versions 2.8.4 through 2.10.1. Description: The issue is related to the function MakeGrapplerFunctionItem which takes arguments that determine the sizes of inputs and outputs. If the inputs given...

CVSS 9.1 · AI score 8.9 · EPSS 0.00401
Exploits: 0 · References: 9

Snyk
added 2022/11/20 9:12 a.m. · 1 views

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) when SparseFillEmptyRowsGrad is given empty inputs. Details: Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users. Unlike other...

CVSS 7.5 · AI score 7 · EPSS 0.0044
Exploits: 1 · References: 2

Snyk
added 2022/11/20 9:8 a.m. · 1 views

Out-of-Bounds

Overview: Affected versions of this package are vulnerable to Out-of-Bounds in DynamicStitch due to missing validation when it receives a differing number of inputs, such as when it is called with an indices size 1 and a data size 2. Remediation: Upgrade tensorflow-lite to version 2.12.0 or higher...

CVSS 7.5 · AI score 6.8 · EPSS 0.0035
Exploits: 1 · References: 2