14329 matches found
Stack overflow
TensorFlow is an open source platform for machine learning. The AvgPoolOp function takes an argument ksize that must be positive but is not checked. A negative ksize can trigger a CHECK failure and crash the program. We have patched the issue in GitHub commit...
Out-of-bounds
TensorFlow is an open source platform for machine learning. The GatherNd function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read is triggered. This issue has been patched in...
Stack overflow
TensorFlow is an open source platform for machine learning. The implementation of tf.reshape op in TensorFlow is vulnerable to a denial of service via CHECK-failure assertion failure caused by overflowing the number of elements in a tensor. This issue has been patched in GitHub commit...
CVE-2022-35963 `CHECK` failures in `FractionalAvgPoolGrad` in TensorFlow
TensorFlow is an open source platform for machine learning. The implementation of FractionalAvgPoolGrad does not fully validate the input originputtensorshape. This results in an overflow that results in a CHECK failure which can be used to trigger a denial of service attack. We have patched the...
CVE-2022-35963
TensorFlow FractionalAvgPoolGrad is vulnerable due to incomplete validation of orig_input_tensor_shape, allowing an overflow that can trigger a CHECK failure and deny service. The issue is fixed in GitHub commit 03a659d7be9a1154fdf5eeac221e5950fec07dad and will be included in TensorFlow 2.10.0; t...
CVE-2022-35963 `CHECK` failures in `FractionalAvgPoolGrad` in TensorFlow
TensorFlow is an open source platform for machine learning. The implementation of FractionalAvgPoolGrad does not fully validate the input originputtensorshape. This results in an overflow that results in a CHECK failure which can be used to trigger a denial of service attack. We have patched the...
CVE-2022-35963 `CHECK` failures in `FractionalAvgPoolGrad` in TensorFlow
TensorFlow is an open source platform for machine learning. The implementation of FractionalAvgPoolGrad does not fully validate the input originputtensorshape. This results in an overflow that results in a CHECK failure which can be used to trigger a denial of service attack. We have patched the...
CVE-2022-35963
TensorFlow is an open source platform for machine learning. The implementation of FractionalAvgPoolGrad does not fully validate the input originputtensorshape. This results in an overflow that results in a CHECK failure which can be used to trigger a denial of service attack. We have patched the...
CVE-2022-35960 `CHECK` failure in `TensorListReserve` in TensorFlow
TensorFlow is an open source platform for machine learning. In core/kernels/listkernels.cc's TensorListReserve, numelements is assumed to be a tensor of size 1. When a numelements of more than 1 element is provided, then tf.rawops.TensorListReserve fails the CHECKEQ in...
CVE-2022-35960 `CHECK` failure in `TensorListReserve` in TensorFlow
TensorFlow is an open source platform for machine learning. In core/kernels/listkernels.cc's TensorListReserve, numelements is assumed to be a tensor of size 1. When a numelements of more than 1 element is provided, then tf.rawops.TensorListReserve fails the CHECKEQ in...
CVE-2022-35960
CVE-2022-35960 relates to TensorFlow’s TensorListReserve check in core/kernels/list_kernels.cc. The issue occurs when num_elements is a tensor larger than size 1, causing a failed CHECK_EQ in CheckIsAlignedAndSingleElement and potentially denial of service. The documented fix is committed (b5f6fb...
CVE-2022-35960 `CHECK` failure in `TensorListReserve` in TensorFlow
TensorFlow is an open source platform for machine learning. In core/kernels/listkernels.cc's TensorListReserve, numelements is assumed to be a tensor of size 1. When a numelements of more than 1 element is provided, then tf.rawops.TensorListReserve fails the CHECKEQ in...
CVE-2022-35960
TensorFlow is an open source platform for machine learning. In core/kernels/listkernels.cc's TensorListReserve, numelements is assumed to be a tensor of size 1. When a numelements of more than 1 element is provided, then tf.rawops.TensorListReserve fails the CHECKEQ in...
CVE-2022-35959 `CHECK` failures in `AvgPool3DGrad` in TensorFlow
TensorFlow is an open source platform for machine learning. The implementation of AvgPool3DGradOp does not fully validate the input originputshape. This results in an overflow that results in a CHECK failure which can be used to trigger a denial of service attack. We have patched the issue in...
CVE-2022-35959
TensorFlow’s CVE-2022-35959 is a denial-of-service flaw caused by insufficient validation of orig_input_shape in AvgPool3DGradOp. The overflow triggers a CHECK failure, with impact limited to environments using affected builds. The issue has been patched in commit 9178ac9d6389bdc54638ab913ea0e419...
CVE-2022-35959 `CHECK` failures in `AvgPool3DGrad` in TensorFlow
TensorFlow is an open source platform for machine learning. The implementation of AvgPool3DGradOp does not fully validate the input originputshape. This results in an overflow that results in a CHECK failure which can be used to trigger a denial of service attack. We have patched the issue in...
CVE-2022-35959 `CHECK` failures in `AvgPool3DGrad` in TensorFlow
TensorFlow is an open source platform for machine learning. The implementation of AvgPool3DGradOp does not fully validate the input originputshape. This results in an overflow that results in a CHECK failure which can be used to trigger a denial of service attack. We have patched the issue in...
CVE-2022-35959
TensorFlow is an open source platform for machine learning. The implementation of AvgPool3DGradOp does not fully validate the input originputshape. This results in an overflow that results in a CHECK failure which can be used to trigger a denial of service attack. We have patched the issue in...
CVE-2022-35952
TensorFlow CVE-2022-35952 concerns the UnbatchGradOp: passing a non-scalar id or an incorrect batch_index can trigger CHECK failures, crashing the program. The issue affects UnbatchGrad in TensorFlow and is resolved by a patch in commit 5f945fc6409a3c1e90d6970c9292f805f6e6ddf2, with the fix plann...
CVE-2022-35952 `CHECK` failures in `UnbatchGradOp` in TensorFlow
TensorFlow is an open source platform for machine learning. The UnbatchGradOp function takes an argument id that is assumed to be a scalar. A nonscalar id can trigger a CHECK failure and crash the program. It also requires its argument batchindex to contain three times the number of elements as...