CVE-2022-41886

TensorFlow is an open source platform for machine learning. When tf.rawops.ImageProjectiveTransformV2 is given a large output shape, it overflows. We have patched the issue in GitHub commit 8faa6ea692985dbe6ce10e1a3168e0bd60a723ba. The fix will be included in TensorFlow 2.11. We will also...

CVE-2022-41889

TensorFlow is an open source platform for machine learning. If a list of quantized tensors is assigned to an attribute, the pywrap code fails to parse the tensor and returns a nullptr, which is not caught. An example can be seen in tf.compat.v1.extractvolumepatches by passing in quantized tensors...

CVE-2022-41890

TensorFlow is an open source platform for machine learning. If BCast::ToShape is given input larger than an int32, it will crash, despite being supposed to handle up to an int64. An example can be seen in tf.experimental.numpy.outer by passing in large input to the input b. We have patched the...

CVE-2022-41900

TensorFlow is an open source platform for machine learning. The security vulnerability results in FractionalMaxAVGPool with illegal poolingratio. Attackers using Tensorflow can exploit the vulnerability. They can access heap memory which is not in the control of user, leading to a crash or remote...

CVE-2022-41909

TensorFlow is an open source platform for machine learning. An input encoded that is not a valid CompositeTensorVariant tensor will trigger a segfault in tf.rawops.CompositeTensorVariantToComponents. We have patched the issue in GitHub commits bf594d08d377dc6a3354d9fdb494b32d45f91971 and...

CVE-2022-41889 Segfault via invalid attributes in `pywrap_tfe_src.cc` in Tensorflow

TensorFlow is an open source platform for machine learning. If a list of quantized tensors is assigned to an attribute, the pywrap code fails to parse the tensor and returns a nullptr, which is not caught. An example can be seen in tf.compat.v1.extractvolumepatches by passing in quantized tensors...

CVE-2022-41884 Seg fault in `ndarray_tensor_bridge` due to zero and large inputs in Tensorflow

TensorFlow is an open source platform for machine learning. If a numpy array is created with a shape such that one element is zero and the others sum to a large number, an error will be raised. We have patched the issue in GitHub commit 2b56169c16e375c521a3bc8ea658811cc0793784. The fix will be...

CVE-2022-41898 `CHECK` fail via inputs in `SparseFillEmptyRowsGrad` in Tensorflow

TensorFlow is an open source platform for machine learning. If SparseFillEmptyRowsGrad is given empty inputs, TensorFlow will crash. We have patched the issue in GitHub commit af4a6a3c8b95022c351edae94560acc61253a1b8. The fix will be included in TensorFlow 2.11. We will also cherrypick this commi...

CVE-2022-41909 Segfault in `CompositeTensorVariantToComponents` in Tensorflow

TensorFlow is an open source platform for machine learning. An input encoded that is not a valid CompositeTensorVariant tensor will trigger a segfault in tf.rawops.CompositeTensorVariantToComponents. We have patched the issue in GitHub commits bf594d08d377dc6a3354d9fdb494b32d45f91971 and...

CVE-2022-41907 Overflow in `ResizeNearestNeighborGrad` in Tensorflow

TensorFlow is an open source platform for machine learning. When tf.rawops.ResizeNearestNeighborGrad is given a large size input, it overflows. We have patched the issue in GitHub commit 00c821af032ba9e5f5fa3fe14690c8d28a657624. The fix will be included in TensorFlow 2.11. We will also cherrypick...

CVE-2022-41890 `CHECK` fail in `BCast` overflow in Tensorflow

TensorFlow is an open source platform for machine learning. If BCast::ToShape is given input larger than an int32, it will crash, despite being supposed to handle up to an int64. An example can be seen in tf.experimental.numpy.outer by passing in large input to the input b. We have patched the...

CVE-2022-41897 `FractionalMaxPoolGrad` Heap out of bounds read in Tensorflow

TensorFlow is an open source platform for machine learning. If FractionMaxPoolGrad is given outsize inputs rowpoolingsequence and colpoolingsequence, TensorFlow will crash. We have patched the issue in GitHub commit d71090c3e5ca325bdf4b02eb236cfb3ee823e927. The fix will be included in TensorFlow...

CVE-2022-41886 Overflow in `ImageProjectiveTransformV2` in Tensorflow

TensorFlow is an open source platform for machine learning. When tf.rawops.ImageProjectiveTransformV2 is given a large output shape, it overflows. We have patched the issue in GitHub commit 8faa6ea692985dbe6ce10e1a3168e0bd60a723ba. The fix will be included in TensorFlow 2.11. We will also...

CVE-2022-41911 Invalid char to bool conversion when printing a tensor in Tensorflow

TensorFlow is an open source platform for machine learning. When printing a tensor, we get it's data as a const char array since that's the underlying storage and then we typecast it to the element type. However, conversions from char to bool are undefined if the char is not 0 or 1, so...

The vulnerability of the IncrementOffset() function in the TensorFlow machine learning system, which allows a hacker to trigger a service failure.

The vulnerability of the IncrementOffset function in the TensorFlow machine learning system is related to the violation of the buffer’s initial boundary when processing the sizeofchunk value. Exploiting this vulnerability can allow an attacker to trigger a service failure...

AZL-38185 CVE-2022-42915 affecting package tensorflow for versions less than 2.16.1-1

curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTPS URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request HTTP...

GHSA-9JJW-HF72-3MXW TensorFlow vulnerable to heap out of bounds read in filesystem glob matching

Impact The general implementation for matching filesystem paths to globbing pattern is vulnerable to an access out of bounds of the array holding the directories: cc if !fs-Matchchildpath, dirsdirindex ... Since dirindex is unconditionaly incremented outside of the lambda function where the...

TensorFlow vulnerable to heap out of bounds read in filesystem glob matching

Impact The general implementation for matching filesystem paths to globbing pattern is vulnerable to an access out of bounds of the array holding the directories: cc if !fs-Matchchildpath, dirsdirindex ... Since dirindex is unconditionaly incremented outside of the lambda function where the...

ai.bareun.tagger:bareun (>=1.0.0 <=1.4.1), ai.djl.serving:serving (=0.19.0) +3735 more potentially affected by CVE-2022-3171 via com.google.protobuf:protobuf-java (>=3.21.0-rc-1 <=3.21.6)

com.google.protobuf:protobuf-java MAVEN version =3.21.0-rc-1, =1.0.0, =3.42.0.2-1-3.4, =0.0.1, =22.3.2, =22.3.2, =22.3.2, =22.3.2, =1.0.0-beta01, =1.0.0-beta01, =1.0.0-beta06 - at.ac.ait.lablink.clients:universalapiclient =0.1.0 and more Source cves: CVE-2022-3171 Source advisory:...

ai.djl.spring:djl-spring-boot-starter-tensorflow-auto (>=0.15 <=0.18), ai.djl.tensorflow:tensorflow-api (>=0.15.0 <=0.18.0) +7125 more potentially affected by CVE-2022-3171 via com.google.protobuf:protobuf-java (>=3.17.0-rc-1 <=3.19.5)

com.google.protobuf:protobuf-java MAVEN version =3.17.0-rc-1, =0.15, =0.15.0, =0.15.0, =0.15.0, =3.32.1.6, =3.32.1.6-1-2.1, =3.32.1.6-1-3.0, =3.34.0.3-1-2.2, =3.34.0.3-1-2.2, =3.34.0.3-1-3.0, =3.34.0.3-1-2.2, =3.34.0.3-1-3.0, =3.0.1, =2.8.4-alpha1, =3.0.1-alpha1 and more Source cves: CVE-2022-317...