14329 matches found
CVE-2022-35939 Out of bounds write in `scatter_nd` op in TensorFlow Lite
TensorFlow is an open source platform for machine learning. The ScatterNd function takes an input argument that determines the indices of of the output tensor. An input index greater than the output tensor or less than zero will either write content at the wrong index or trigger a crash. We have...
CVE-2022-35939
TensorFlow is an open source platform for machine learning. The ScatterNd function takes an input argument that determines the indices of of the output tensor. An input index greater than the output tensor or less than zero will either write content at the wrong index or trigger a crash. We have...
CVE-2022-35935 `CHECK` failure in `SobolSample` via missing validation in TensorFlow
TensorFlow is an open source platform for machine learning. The implementation of SobolSampleOp is vulnerable to a denial of service via CHECK-failure assertion failure caused by assuming input0, input1, and input2 to be scalar. This issue has been patched in GitHub commit...
CVE-2022-35935 `CHECK` failure in `SobolSample` via missing validation in TensorFlow
TensorFlow is an open source platform for machine learning. The implementation of SobolSampleOp is vulnerable to a denial of service via CHECK-failure assertion failure caused by assuming input0, input1, and input2 to be scalar. This issue has been patched in GitHub commit...
CVE-2022-35935
CVE-2022-35935 affects TensorFlow via SobolSampleOp triggering a denial of service from a misvalidation that assumes input(0), input(1), and input(2) are scalar, causing a CHECK failure. The issue has been patched in the GitHub commit c65c67f88ad770662e8f191269a907bf2b94b1bf, with the fix slated ...
CVE-2022-35935 `CHECK` failure in `SobolSample` via missing validation in TensorFlow
TensorFlow is an open source platform for machine learning. The implementation of SobolSampleOp is vulnerable to a denial of service via CHECK-failure assertion failure caused by assuming input0, input1, and input2 to be scalar. This issue has been patched in GitHub commit...
CVE-2022-35935
TensorFlow is an open source platform for machine learning. The implementation of SobolSampleOp is vulnerable to a denial of service via CHECK-failure assertion failure caused by assuming input0, input1, and input2 to be scalar. This issue has been patched in GitHub commit...
CVE-2022-35938
CVE-2022-35938 affects TensorFlow and TensorFlow Lite Micro GatherNd where inputs can trigger an out-of-bounds read or crash when sizes mismatch. The issue is patched in commit 4142e47e9e31db481781b955ed3ff807a781b494 and the fix will be included in TensorFlow 2.10.0, with cherry-picks to 2.9.1, ...
CVE-2022-35938 OOB read in `Gather_nd` op in TensorFlow Lite Micro
TensorFlow is an open source platform for machine learning. The GatherNd function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. This issue has been...
CVE-2022-35938 OOB read in `Gather_nd` op in TensorFlow Lite Micro
TensorFlow is an open source platform for machine learning. The GatherNd function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. This issue has been...
CVE-2022-35938 OOB read in `Gather_nd` op in TensorFlow Lite Micro
TensorFlow is an open source platform for machine learning. The GatherNd function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. This issue has been...
CVE-2022-35934 `CHECK` failure in tf.reshape in Tensorflow
TensorFlow is an open source platform for machine learning. The implementation of tf.reshape op in TensorFlow is vulnerable to a denial of service via CHECK-failure assertion failure caused by overflowing the number of elements in a tensor. This issue has been patched in GitHub commit...
CVE-2022-35934 `CHECK` failure in tf.reshape in Tensorflow
TensorFlow is an open source platform for machine learning. The implementation of tf.reshape op in TensorFlow is vulnerable to a denial of service via CHECK-failure assertion failure caused by overflowing the number of elements in a tensor. This issue has been patched in GitHub commit...
CVE-2022-35934
CVE-2022-35934 : TensorFlow’s tf.reshape op is vulnerable to a denial of service caused by a CHECK-failure when overflowing the number of tensor elements. The issue is patched in commit 61f0f9b94df8c0411f0ad0ecc2fec2d3f3c33555; the fix is planned for TensorFlow 2.10.0 and will be cherry-picked to...
CVE-2022-35934 `CHECK` failure in tf.reshape in Tensorflow
TensorFlow is an open source platform for machine learning. The implementation of tf.reshape op in TensorFlow is vulnerable to a denial of service via CHECK-failure assertion failure caused by overflowing the number of elements in a tensor. This issue has been patched in GitHub commit...
CVE-2022-35934
TensorFlow is an open source platform for machine learning. The implementation of tf.reshape op in TensorFlow is vulnerable to a denial of service via CHECK-failure assertion failure caused by overflowing the number of elements in a tensor. This issue has been patched in GitHub commit...
acuity (=6.18.0), acuitypro (=6.18.0) +60 more potentially affected by CVE-2022-35997 via tensorflow (>=2.8.0 <=2.8.0rc1)
tensorflow PYPI version =2.8.0, =1.2.8, =1.0.43, =0.2.2, =0.0.1, =0.0.2, =0.2.8, =0.14.0, =0.1.3, =0.0.9, =0.2.27, =0.2.41 - complaintclassify =0.0.5 - conversational-sentence-encoder =0.0.6 and more Source cves: CVE-2022-35997 Source advisory: OSV:GHSA-P7HR-F446-X6QF...
aliby (>=0.1.18 <=0.1.55), aliby-baby (>=0.1.11 <=0.1.17) +29 more potentially affected by CVE-2022-35997 via tensorflow (>=2.9.0 <=2.9.0rc2)
tensorflow PYPI version =2.9.0, =0.1.18, =0.1.11, =0.30.0, =0.0.0, =1.3.0, =0.3.0, =1.0.1, =1.2.0, =0.0.6, =1.0.12, =0.1.0, =0.1.1 and more Source cves: CVE-2022-35997 Source advisory: OSV:GHSA-P7HR-F446-X6QF...
clip-jax (=0.0.5) potentially affected by CVE-2022-35997 via tensorflow-cpu (=2.9.0)
tensorflow-cpu PYPI version =2.9.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-cpu and may be impacted: - clip-jax =0.0.5 Source cves: CVE-2022-35997 Source advisory: OSV:GHSA-P7HR-F446-X6QF...
TensorFlow vulnerable to `CHECK` fail in `tf.sparse.cross`
Impact If tf.sparse.cross receives an input separator that is not a scalar, it gives a CHECK fail that can be used to trigger a denial of service attack. python import tensorflow as tf tf.sparse.crossinputs=,name='a',separator=tf.constant'a', 'b',dtype=tf.string Patches We have patched the issue ...