14329 matches found
CVE-2022-35979
CVE-2022-35979 affects TensorFlow. When QuantizedRelu or QuantizedRelu6 receive nonscalar inputs for min_features or max_features, a segfault can be triggered, leading to a denial of service. A fix was committed (49b3824d83af706df0ad07e4e677d88659756d89) and will be included in TensorFlow 2.10.0....
CVE-2022-35979
TensorFlow is an open source platform for machine learning. If QuantizedRelu or QuantizedRelu6 are given nonscalar inputs for minfeatures or maxfeatures, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...
clip-jax (=0.0.5) potentially affected by CVE-2022-36027 via tensorflow-cpu (=2.9.0)
tensorflow-cpu PYPI version =2.9.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-cpu and may be impacted: - clip-jax =0.0.5 Source cves: CVE-2022-36027 Source advisory: OSV:GHSA-79H2-Q768-FPXR...
a62-emotion (>=0.10.12 <=0.11.4), aiproteomics (=0.2.1) +98 more potentially affected by CVE-2022-36027 via tensorflow-cpu (>=1.15.0 <=2.7.0)
tensorflow-cpu PYPI version =1.15.0, =0.10.12, =2.0.0, =2.0.0, =1.0.0, =0.0.5, =0.3.0, =0.0.1, =0.8.1, =0.1.1, =1.3.0, =0.1.0.dev1, =0.0.1, =0.3.3 and more Source cves: CVE-2022-36027 Source advisory: OSV:GHSA-79H2-Q768-FPXR...
125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4899 more potentially affected by CVE-2022-36027 via tensorflow (>=1.0.1 <=2.7.1)
tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.5.0, =0.1.6, =1.0.0, =2.0.0, =1.0.0, =0.0.1, =0.0.7 and more Source cves: CVE-2022-36027 Source advisory: OSV:GHSA-79H2-Q768-FPXR...
causalegm (>=0.2.1 <=0.2.5), chrombpnet (>=0.1.0 <=0.1.2) +3 more potentially affected by CVE-2022-36027 via tensorflow-gpu (=2.8.0)
tensorflow-gpu PYPI version =2.8.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-gpu and may be impacted: - causalegm =0.2.1, =0.1.0, =0.0.6, =2.3.5, =2.4.1 - tlaunch =0.0.2 Source cves: CVE-2022-36027 Source advisory: OSV:GHSA-79H2-Q768-F...
animl (>=1.1.2 <=1.1.4), arekit (>=0.21.0 <=0.22.1) +182 more potentially affected by CVE-2022-36027 via tensorflow-gpu (>=1.10.1 <=2.7.0)
tensorflow-gpu PYPI version =1.10.1, =1.1.2, =0.21.0, =0.23.0, =0.9.2, =1.0.0, =0.1.0, =0.0.1, =0.0.9, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 and more Source cves: CVE-2022-36027 Source advisory: OSV:GHSA-79H2-Q768-FPXR...
acuity (=6.18.0), acuitypro (=6.18.0) +60 more potentially affected by CVE-2022-36027 via tensorflow (>=2.8.0 <=2.8.0rc1)
tensorflow PYPI version =2.8.0, =1.2.8, =1.0.43, =0.2.2, =0.0.1, =0.0.2, =0.2.8, =0.14.0, =0.1.3, =0.0.9, =0.2.27, =0.2.41 - complaintclassify =0.0.5 - conversational-sentence-encoder =0.0.6 and more Source cves: CVE-2022-36027 Source advisory: OSV:GHSA-79H2-Q768-FPXR...
aliby (>=0.1.18 <=0.1.55), aliby-baby (>=0.1.11 <=0.1.17) +29 more potentially affected by CVE-2022-36027 via tensorflow (>=2.9.0 <=2.9.0rc2)
tensorflow PYPI version =2.9.0, =0.1.18, =0.1.11, =0.30.0, =0.0.0, =1.3.0, =0.3.0, =1.0.1, =1.2.0, =0.0.6, =1.0.12, =0.1.0, =0.1.1 and more Source cves: CVE-2022-36027 Source advisory: OSV:GHSA-79H2-Q768-FPXR...
GHSA-79H2-Q768-FPXR TensorFlow segfault TFLite converter on per-channel quantized transposed convolutions
Impact When converting transposed convolutions using per-channel weight quantization the converter segfaults and crashes the Python process. python import tensorflow as tf class QuantConv2DTransposedtf.keras.layers.Layer: def buildself, inputshape: self.kernel = self.addweight"kernel", 3, 3,...
TensorFlow segfault TFLite converter on per-channel quantized transposed convolutions
Impact When converting transposed convolutions using per-channel weight quantization the converter segfaults and crashes the Python process. python import tensorflow as tf class QuantConv2DTransposedtf.keras.layers.Layer: def buildself, inputshape: self.kernel = self.addweight"kernel", 3, 3,...
CVE-2022-35974 Segfault in `QuantizeDownAndShrinkRange` in TensorFlow
TensorFlow is an open source platform for machine learning. If QuantizeDownAndShrinkRange is given nonscalar inputs for inputmin or inputmax, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...
CVE-2022-35974 Segfault in `QuantizeDownAndShrinkRange` in TensorFlow
TensorFlow is an open source platform for machine learning. If QuantizeDownAndShrinkRange is given nonscalar inputs for inputmin or inputmax, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...
CVE-2022-35974
Summary: CVE-2022-35974 affects TensorFlow via QuantizeDownAndShrinkRange when given nonscalar input_min/input_max, causing a segfault and a potential denial of service. The issue has been patched in commit 73ad1815ebcfeb7c051f9c2f7ab5024380ca8613 and the fix will be included in TensorFlow 2.10.0...
CVE-2022-35974 Segfault in `QuantizeDownAndShrinkRange` in TensorFlow
TensorFlow is an open source platform for machine learning. If QuantizeDownAndShrinkRange is given nonscalar inputs for inputmin or inputmax, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...
CVE-2022-35974
TensorFlow is an open source platform for machine learning. If QuantizeDownAndShrinkRange is given nonscalar inputs for inputmin or inputmax, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...
125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4899 more potentially affected by CVE-2022-35939 via tensorflow (>=1.0.1 <=2.7.1)
tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.5.0, =0.1.6, =1.0.0, =2.0.0, =1.0.0, =0.0.1, =0.0.7 and more Source cves: CVE-2022-35939 Source advisory: OSV:GHSA-FFJM-4QWC-7CMF...
acuity (=6.18.0), acuitypro (=6.18.0) +60 more potentially affected by CVE-2022-35939 via tensorflow (>=2.8.0 <=2.8.0rc1)
tensorflow PYPI version =2.8.0, =1.2.8, =1.0.43, =0.2.2, =0.0.1, =0.0.2, =0.2.8, =0.14.0, =0.1.3, =0.0.9, =0.2.27, =0.2.41 - complaintclassify =0.0.5 - conversational-sentence-encoder =0.0.6 and more Source cves: CVE-2022-35939 Source advisory: OSV:GHSA-FFJM-4QWC-7CMF...
TensorFlow vulnerable to OOB write in `scatter_nd` in TF Lite
Impact The ScatterNd function takes an input argument that determines the indices of of the output tensor. An input index greater than the output tensor or less than zero will either write content at the wrong index or trigger a crash. Patches We have patched the issue in GitHub commit...
aliby (>=0.1.18 <=0.1.55), aliby-baby (>=0.1.11 <=0.1.17) +29 more potentially affected by CVE-2022-35939 via tensorflow (>=2.9.0 <=2.9.0rc2)
tensorflow PYPI version =2.9.0, =0.1.18, =0.1.11, =0.30.0, =0.0.0, =1.3.0, =0.3.0, =1.0.1, =1.2.0, =0.0.6, =1.0.12, =0.1.0, =0.1.1 and more Source cves: CVE-2022-35939 Source advisory: OSV:GHSA-FFJM-4QWC-7CMF...