CVE-2022-41891 Segfault in `tf.raw_ops.TensorListConcat` in Tensorflow

TensorFlow is an open source platform for machine learning. If tf.rawops.TensorListConcat is given elementshape=, it results segmentation fault which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit fc33f3dc4c14051a83eec6535b608abe1d355fde. The fix wil...

Google TensorFlow 安全漏洞

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A denial of service vulnerability exists in Google TensorFlow versions prior to 2.8.4, 2.9.0 and later, 2.9.3 and later, 2.10.0 and later, and 2.10.1. TensorListConcat" is given "elementshape=", resulti...

CVE-2022-41891 Segfault in `tf.raw_ops.TensorListConcat` in Tensorflow

TensorFlow is an open source platform for machine learning. If tf.rawops.TensorListConcat is given elementshape=, it results segmentation fault which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit fc33f3dc4c14051a83eec6535b608abe1d355fde. The fix wil...

CVE-2022-41889 Segfault via invalid attributes in `pywrap_tfe_src.cc` in Tensorflow

TensorFlow is an open source platform for machine learning. If a list of quantized tensors is assigned to an attribute, the pywrap code fails to parse the tensor and returns a nullptr, which is not caught. An example can be seen in tf.compat.v1.extractvolumepatches by passing in quantized tensors...

CVE-2022-41908

TensorFlow CVE-2022-41908: CHECK fail in tf.raw_ops.PyFunc triggered by non-UTF-8 input tokens. Patch committed (9f03a9d3bafe902c1e6beb105b2f24172f238645); fix slated for TensorFlow 2.11 with cherry-picks to 2.10.1, 2.9.3, and 2.8.4. No exploit details provided in the documents.

CVE-2022-41887

TensorFlow CVE-2022-41887 describes a buffer/size-mismatch overflow in tf.keras.losses.poisson when y_pred/y_true dimensions overflow an int32 during broadcasting in BinaryOp. A patch is committed (c5b30379ba87cbe774b08ac50c1f6d36df4ebb7c) and will be included in TensorFlow 2.11; TensorFlow 2.10....

CVE-2022-41884

CVE-2022-41884 affects TensorFlow. A numpy array has a shape where one element is zero and the others sum to a large number, triggering an error. The issue has been fixed in commit 2b56169c16e375c521a3bc8ea658811cc0793784 and will be included in TensorFlow 2.11; the fix will also be cherry-picked...

Google TensorFlow 输入验证错误漏洞

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. Google TensorFlow is vulnerable to an input validation error that could be exploited by attackers to launch a program crash attack...

CVE-2022-41883 Out of bounds segmentation fault due to unequal op inputs in Tensorflow

TensorFlow is an open source platform for machine learning. When ops that have specified input sizes receive a differing number of inputs, the executor will crash. We have patched the issue in GitHub commit f5381e0e10b5a61344109c1b7c174c68110f7629. The fix will be included in TensorFlow 2.11. We...

CVE-2022-41888

CVE-2022-41888 (TensorFlow) affects the GPU path of tf.image.generate_bounding_box_proposals where the scores input must be rank 4 but this is not checked. TensorFlow patch cf35502463a88ca7185a99daa7031df60b3c1c98 fixes this, with the fix to be included in TensorFlow 2.11 and cherry-picked to Ten...

CVE-2022-41911 Invalid char to bool conversion when printing a tensor in Tensorflow

TensorFlow is an open source platform for machine learning. When printing a tensor, we get it's data as a const char array since that's the underlying storage and then we typecast it to the element type. However, conversions from char to bool are undefined if the char is not 0 or 1, so...

Google TensorFlow 安全漏洞

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A buffer overflow vulnerability exists in Google TensorFlow, which stems from tf.rawops.ResizeNearestNeighborGrad's lack of length size validation of the input data. validation, an attacker could exploi...

Google TensorFlow 代码问题漏洞

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A code issue vulnerability exists in Google TensorFlow, which stems from a logical error in the organization of data, where the conversion from char to bool is undefined if the const char array is not 0...

CVE-2022-41883

CVE-2022-41883 affects TensorFlow. When ops with specified input sizes receive a differing number of inputs, the executor can crash due to an input-size mismatch. The issue has been patched in GitHub commit f5381e0e10b5a61344109c1b7c174c68110f7629 and will be included in TensorFlow 2.11; it will ...

CVE-2022-41896 `tf.raw_ops.Mfcc` crashes in Tensorflow

TensorFlow is an open source platform for machine learning. If ThreadUnsafeUnigramCandidateSampler is given input filterbankchannelcount greater than the allowed max size, TensorFlow will crash. We have patched the issue in GitHub commit 39ec7eaf1428e90c37787e5b3fbd68ebd3c48860. The fix will be...

PT-2022-26129 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.11 TensorFlow versions 2.10.1 and earlier TensorFlow versions 2.9.3 and earlier TensorFlow versions 2.8.4 and earlier Description: The issue occurs when the SparseFillEmptyRowsGrad function is given empty inputs...

Google TensorFlow 缓冲区错误漏洞

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A security vulnerability exists in Google TensorFlow that causes FractionalMaxAVG Pool to have an illegal poolingratio. attackers using Tensorflow can exploit this vulnerability. They can access heap...

CVE-2022-41897 `FractionalMaxPoolGrad` Heap out of bounds read in Tensorflow

TensorFlow is an open source platform for machine learning. If FractionMaxPoolGrad is given outsize inputs rowpoolingsequence and colpoolingsequence, TensorFlow will crash. We have patched the issue in GitHub commit d71090c3e5ca325bdf4b02eb236cfb3ee823e927. The fix will be included in TensorFlow...

CVE-2022-41880 ThreadUnsafeUnigramCandidateSampler Heap out of bounds in Tensorflow

TensorFlow is an open source platform for machine learning. When the BaseCandidateSamplerOp function receives a value in trueclasses larger than rangemax, a heap oob read occurs. We have patched the issue in GitHub commit b389f5c944cadfdfe599b3f1e4026e036f30d2d4. The fix will be included in...

CVE-2022-41886 Overflow in `ImageProjectiveTransformV2` in Tensorflow

TensorFlow is an open source platform for machine learning. When tf.rawops.ImageProjectiveTransformV2 is given a large output shape, it overflows. We have patched the issue in GitHub commit 8faa6ea692985dbe6ce10e1a3168e0bd60a723ba. The fix will be included in TensorFlow 2.11. We will also...