14329 matches found
CVE-2022-29202 Denial of service in TensorFlow due to lack of validation in `tf.ragged.constant`
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.ragged.constant does not fully validate the input arguments. This results in a denial of service by consuming all available memory. Versions 2.9.0, 2.8.1, 2.7.2,...
CVE-2022-29202
TensorFlow tf.ragged.constant contains a lack of input validation that can lead to denial of service via memory exhaustion. Affected products/versions include TensorFlow prior to 2.9.0, 2.8.1, 2.7.2, and 2.6.4. The issue was patched in 2.9.0 and back-ported to the earlier supported branches (2.8....
CVE-2022-29202
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.ragged.constant does not fully validate the input arguments. This results in a denial of service by consuming all available memory. Versions 2.9.0, 2.8.1, 2.7.2,...
CVE-2022-29203 Integer overflow in `SpaceToBatchND` in TensorFlow
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.SpaceToBatchND in all backends such as XLA and handwritten kernels is vulnerable to an integer overflow: The result of this integer overflow is used to...
CVE-2022-29203 Integer overflow in `SpaceToBatchND` in TensorFlow
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.SpaceToBatchND in all backends such as XLA and handwritten kernels is vulnerable to an integer overflow: The result of this integer overflow is used to...
CVE-2022-29203
CVE-2022-29203 describes an integer overflow in TensorFlow’s tf.raw_ops.SpaceToBatchND across backends (XLA and handwritten kernels) that can cause a denial of service via a CHECK failure when allocating the output tensor. Affected versions are prior to 2.9.0, 2.8.1, 2.7.2, and 2.6.4. The documen...
CVE-2022-29203 Integer overflow in `SpaceToBatchND` in TensorFlow
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.SpaceToBatchND in all backends such as XLA and handwritten kernels is vulnerable to an integer overflow: The result of this integer overflow is used to...
CVE-2022-29203
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.SpaceToBatchND in all backends such as XLA and handwritten kernels is vulnerable to an integer overflow: The result of this integer overflow is used to...
CVE-2022-29204 Missing validation causes denial of service in TensorFlow via `Conv3DBackpropFilterV2`
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.UnsortedSegmentJoin does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack. T...
CVE-2022-29204
TensorFlow CVE-2022-29204 affects the tf.raw_ops.UnsortedSegmentJoin implementation in multiple pre-2.9.0 releases (2.9.0, 2.8.1, 2.7.2, 2.6.4). The issue arises from incomplete validation of input arguments, specifically num_segments, which is treated as a positive scalar and used to allocate th...
CVE-2022-29204 Missing validation causes denial of service in TensorFlow via `Conv3DBackpropFilterV2`
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.UnsortedSegmentJoin does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack. T...
CVE-2022-29204 Missing validation causes denial of service in TensorFlow via `Conv3DBackpropFilterV2`
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.UnsortedSegmentJoin does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack. T...
CVE-2022-29204
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.UnsortedSegmentJoin does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack. T...
CVE-2022-29208 Segfault and Out-of-bounds Write write due to incomplete validation in TensorFlow
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.EditDistance has incomplete validation. Users can pass negative values to cause a segmentation fault based denial of service. In multiple places throughout...
CVE-2022-29208 Segfault and Out-of-bounds Write write due to incomplete validation in TensorFlow
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.EditDistance has incomplete validation. Users can pass negative values to cause a segmentation fault based denial of service. In multiple places throughout...
CVE-2022-29208 Segfault and Out-of-bounds Write write due to incomplete validation in TensorFlow
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.EditDistance has incomplete validation. Users can pass negative values to cause a segmentation fault based denial of service. In multiple places throughout...
CVE-2022-29208
TensorFlow CVE-2022-29208: The tf.raw_ops.EditDistance implementation has incomplete validation, allowing crafted negative values to cause an out-of-bounds write and segmentation-fault based DoS. Affected versions are 2.6.4, 2.7.2, 2.8.1, and 2.9.0; patches exist and fixes are included in 2.9.0 (...
CVE-2022-29208
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.EditDistance has incomplete validation. Users can pass negative values to cause a segmentation fault based denial of service. In multiple places throughout...
CVE-2022-29205 Segfault due to missing support for quantized types in TensorFlow
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, there is a potential for segfault / denial of service in TensorFlow by calling tf.compat.v1. ops which don't yet have support for quantized types, which was added after migration to...
CVE-2022-29205 Segfault due to missing support for quantized types in TensorFlow
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, there is a potential for segfault / denial of service in TensorFlow by calling tf.compat.v1. ops which don't yet have support for quantized types, which was added after migration to...