causalegm (>=0.2.1 <=0.2.5), chrombpnet (>=0.1.0 <=0.1.2) +3 more potentially affected by CVE-2022-29191 via tensorflow-gpu (=2.8.0)

tensorflow-gpu PYPI version =2.8.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-gpu and may be impacted: - causalegm =0.2.1, =0.1.0, =0.0.6, =2.3.5, =2.4.1 - tlaunch =0.0.2 Source cves: CVE-2022-29191 Source advisory: OSV:GHSA-FV25-WRFF-W...

lsmmdma (>=0.0.4 <=0.1.7), tpu-tf2 (=1.0.0) potentially affected by CVE-2022-29191 via tensorflow-cpu (=2.7.0)

tensorflow-cpu PYPI version =2.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-cpu and may be impacted: - lsmmdma =0.0.4, =0.1.7 - tpu-tf2 =1.0.0 Source cves: CVE-2022-29191 Source advisory: OSV:GHSA-FV25-WRFF-WF86...

125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4878 more potentially affected by CVE-2022-29191 via tensorflow (>=1.0.1 <=2.6.3)

tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.6.0, =0.1.6, =1.0.0, =2.0.0, =1.0.0, =0.0.1, =0.0.7 and more Source cves: CVE-2022-29191 Source advisory: OSV:GHSA-FV25-WRFF-WF86...

aadhaar-detection (=0.5.0), accuinsight (>=1.0.84 <=1.0.87) +39 more potentially affected by CVE-2022-29191 via tensorflow (>=2.7.0 <=2.7.1)

tensorflow PYPI version =2.7.0, =1.0.84, =3.0.22, =0.1.11, =0.1.11, =0.1.11, =0.1.0, =0.0.1, =1.2.1, =0.1.5.dev202303131412, =0.1.0, =0.1.1 and more Source cves: CVE-2022-29191 Source advisory: OSV:GHSA-FV25-WRFF-WF86...

Missing validation causes denial of service via `GetSessionTensor`

Impact The implementation of tf.rawops.GetSessionTensor does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack: python import tensorflow as tf handle = tf.constant"", shape=0, dtype=tf.string...

rpnet (>=0.0.1 <=0.1.0), rpnet-dev (>=0.0.5 <=0.0.12) +4 more potentially affected by CVE-2022-29191 via tensorflow-gpu (=2.7.0)

tensorflow-gpu PYPI version =2.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-gpu and may be impacted: - rpnet =0.0.1, =0.0.5, =1.0.5, =1.1.1 - tpu-tf2 =1.0.0 - troj =1.0.0 Source cves: CVE-2022-29191 Source advisory:...

animl (>=1.1.2 <=1.1.4), arekit (>=0.21.0 <=0.22.1) +176 more potentially affected by CVE-2022-29191 via tensorflow-gpu (>=1.10.1 <=2.6.3)

tensorflow-gpu PYPI version =1.10.1, =1.1.2, =0.21.0, =0.23.0, =0.9.2, =1.0.0, =0.1.0, =0.0.1, =0.0.9, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 and more Source cves: CVE-2022-29191 Source advisory: OSV:GHSA-FV25-WRFF-WF86...

GHSA-FV25-WRFF-WF86 Missing validation causes denial of service via `GetSessionTensor`

Impact The implementation of tf.rawops.GetSessionTensor does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack: python import tensorflow as tf handle = tf.constant"", shape=0, dtype=tf.string...

animl (>=1.1.2 <=1.1.4), arekit (>=0.21.0 <=0.22.1) +176 more potentially affected by CVE-2022-29193 via tensorflow-gpu (>=1.10.1 <=2.6.3)

tensorflow-gpu PYPI version =1.10.1, =1.1.2, =0.21.0, =0.23.0, =0.9.2, =1.0.0, =0.1.0, =0.0.1, =0.0.9, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 and more Source cves: CVE-2022-29193 Source advisory: OSV:GHSA-2P9Q-H29J-3F5V...

acuity (=6.18.0), acuitypro (=6.18.0) +60 more potentially affected by CVE-2022-29193 via tensorflow (>=2.8.0 <=2.8.0rc1)

tensorflow PYPI version =2.8.0, =1.2.8, =1.0.43, =0.2.2, =0.0.1, =0.0.2, =0.2.8, =0.14.0, =0.1.3, =0.0.9, =0.2.27, =0.2.41 - complaintclassify =0.0.5 - conversational-sentence-encoder =0.0.6 and more Source cves: CVE-2022-29193 Source advisory: OSV:GHSA-2P9Q-H29J-3F5V...

lsmmdma (>=0.0.4 <=0.1.7), tpu-tf2 (=1.0.0) potentially affected by CVE-2022-29193 via tensorflow-cpu (=2.7.0)

tensorflow-cpu PYPI version =2.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-cpu and may be impacted: - lsmmdma =0.0.4, =0.1.7 - tpu-tf2 =1.0.0 Source cves: CVE-2022-29193 Source advisory: OSV:GHSA-2P9Q-H29J-3F5V...

rpnet (>=0.0.1 <=0.1.0), rpnet-dev (>=0.0.5 <=0.0.12) +4 more potentially affected by CVE-2022-29193 via tensorflow-gpu (=2.7.0)

tensorflow-gpu PYPI version =2.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-gpu and may be impacted: - rpnet =0.0.1, =0.0.5, =1.0.5, =1.1.1 - tpu-tf2 =1.0.0 - troj =1.0.0 Source cves: CVE-2022-29193 Source advisory:...

Missing validation causes `TensorSummaryV2` to crash

Impact The implementation of tf.rawops.TensorSummaryV2 does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack: python import numpy as np import tensorflow as tf tf.rawops.TensorSummaryV2 tag=np.array'test',...

causalegm (>=0.2.1 <=0.2.5), chrombpnet (>=0.1.0 <=0.1.2) +3 more potentially affected by CVE-2022-29193 via tensorflow-gpu (=2.8.0)

tensorflow-gpu PYPI version =2.8.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-gpu and may be impacted: - causalegm =0.2.1, =0.1.0, =0.0.6, =2.3.5, =2.4.1 - tlaunch =0.0.2 Source cves: CVE-2022-29193 Source advisory: OSV:GHSA-2P9Q-H29J-3...

GHSA-2P9Q-H29J-3F5V Missing validation causes `TensorSummaryV2` to crash

Impact The implementation of tf.rawops.TensorSummaryV2 does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack: python import numpy as np import tensorflow as tf tf.rawops.TensorSummaryV2 tag=np.array'test',...

a62-emotion (>=0.10.12 <=0.11.4), aiproteomics (=0.2.1) +97 more potentially affected by CVE-2022-29193 via tensorflow-cpu (>=1.15.0 <=2.5.3)

tensorflow-cpu PYPI version =1.15.0, =0.10.12, =2.0.0, =2.0.0, =1.0.0, =0.0.5, =0.3.0, =0.0.1, =0.8.1, =0.1.1, =1.3.0, =0.1.0.dev1, =0.0.1, =0.3.3 and more Source cves: CVE-2022-29193 Source advisory: OSV:GHSA-2P9Q-H29J-3F5V...

125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4878 more potentially affected by CVE-2022-29193 via tensorflow (>=1.0.1 <=2.6.3)

tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.6.0, =0.1.6, =1.0.0, =2.0.0, =1.0.0, =0.0.1, =0.0.7 and more Source cves: CVE-2022-29193 Source advisory: OSV:GHSA-2P9Q-H29J-3F5V...

aadhaar-detection (=0.5.0), accuinsight (>=1.0.84 <=1.0.87) +39 more potentially affected by CVE-2022-29193 via tensorflow (>=2.7.0 <=2.7.1)

tensorflow PYPI version =2.7.0, =1.0.84, =3.0.22, =0.1.11, =0.1.11, =0.1.11, =0.1.0, =0.0.1, =1.2.1, =0.1.5.dev202303131412, =0.1.0, =0.1.1 and more Source cves: CVE-2022-29193 Source advisory: OSV:GHSA-2P9Q-H29J-3F5V...

Heap-based Buffer Overflow

tensorflow is vulnerable to heap-based buffer overflow. The use of AllocatedBytes in the insecure hash function AbslHashValue allows local authenticated attackers to cause heap-based buffer overflows resulting in denial of service conditions...

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service. The vulnerability exists because the tf.rawops.GetSessionTensor in sessionops.cc does not properly validate the input arguments, allowing an attacker to crash the application through the CHECK failure...