Denial Of Service (DoS)

Tensorflow is vulnerable to denial of service. An attacker may exploit the vulnerability by altering a SavedModel such that Grappler optimizer would attempt to build a tensor using a reference dtype...

Denial Of Service (DoS)

Tensorflow is vulnerable to denial of service. An attacker may exploit the vulnerability by altering a SavedModel such that Grappler optimizer would attempt to build a tensor using a reference dtype...

Denial Of Service (DoS)

Tensorflow is vulnerable to denial of service. An attacker is able to crash the system by altering a SavedModel in Grappler optimizer such that IsSimplifiableReshape would trigger CHECK failures...

Denial Of Service (DoS)

Tensorflow is vulnerable to denial of service. The vulnerability exists due to a lack of santization of the CHECK assertion in shapeinference.cc file allowing an attacker to crash the system by injecting invalid dtype, 0 elements or an invalid shape...

Denial Of Service (DoS)

Tensorflow is vulnerable to denial of service. An attacker is able to crash the system by altering a SavedModel such that assertions in function.cc would be falsified and crash the Python interpreter...

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service. An attacker can crash the application through the GraphDef in tensorflow SavedModel by providing an invalid argument to ctortype...

Denial Of Service (DoS)

Tensorflow is vulnerable to denial of service. The vulnerability exists due to a lack of sanitization of a CHECK assertion in resource handle tensor from protobuf allowing an attacker to crash the system via maliciously crafted controlled arguments...

lsmmdma (>=0.0.4 <=0.1.7), tpu-tf2 (=1.0.0) potentially affected by CVE-2022-23580 via tensorflow-cpu (=2.7.0)

tensorflow-cpu PYPI version =2.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-cpu and may be impacted: - lsmmdma =0.0.4, =0.1.7 - tpu-tf2 =1.0.0 Source cves: CVE-2022-23580 Source advisory: OSV:GHSA-627Q-G293-49Q7...

aadhaar-detection (=0.5.0), accuinsight (>=1.0.84 <=1.0.87) +38 more potentially affected by CVE-2022-23580 via tensorflow (>=2.7.0 <=2.7.0rc1)

tensorflow PYPI version =2.7.0, =1.0.84, =3.0.22, =0.1.11, =0.1.11, =0.1.11, =0.1.0, =0.0.1, =0.1.5.dev202303131412, =0.1.0, =0.1.1 and more Source cves: CVE-2022-23580 Source advisory: OSV:GHSA-627Q-G293-49Q7...

animl (>=1.1.2 <=1.1.4), audio-classification-models (=1.0.1) +7 more potentially affected by CVE-2022-23580 via tensorflow-gpu (>=2.6.0 <=2.6.2)

tensorflow-gpu PYPI version =2.6.0, =1.1.2, =0.1.5, =0.1.0, =0.9.0, =1.0.5, =1.0.6 Source cves: CVE-2022-23580 Source advisory: OSV:GHSA-627Q-G293-49Q7...

rpnet (>=0.0.1 <=0.1.0), rpnet-dev (>=0.0.5 <=0.0.12) +4 more potentially affected by CVE-2022-23580 via tensorflow-gpu (=2.7.0)

tensorflow-gpu PYPI version =2.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-gpu and may be impacted: - rpnet =0.0.1, =0.0.5, =1.0.5, =1.1.1 - tpu-tf2 =1.0.0 - troj =1.0.0 Source cves: CVE-2022-23580 Source advisory:...

arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +170 more potentially affected by CVE-2022-23580 via tensorflow-gpu (>=1.10.1 <=2.5.1)

tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.0.9, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 - cctv-analysis =0.0.2 and more Source cves: CVE-2022-23580 Source advisory: OSV:GHSA-627Q-G293-49Q7...

alwakeupword (=1.0.0), armadillin (>=0.0.2 <=0.53.0) +42 more potentially affected by CVE-2022-23580 via tensorflow (>=2.6.0 <=2.6.2)

tensorflow PYPI version =2.6.0, =0.0.2, =1.0.1, =0.0.9, =0.2.0, =4.4.0, =1.1.2, =0.2.0, =0.0.1, =1.0.0, =1.1.2 - imgtovar =0.8.5 and more Source cves: CVE-2022-23580 Source advisory: OSV:GHSA-627Q-G293-49Q7...

125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4847 more potentially affected by CVE-2022-23580 via tensorflow (>=1.0.1 <=2.5.2)

tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.6.0, =0.1.6, =1.0.0, =2.0.0, =1.0.0, =0.0.1, =0.0.7 and more Source cves: CVE-2022-23580 Source advisory: OSV:GHSA-627Q-G293-49Q7...

a62-emotion (>=0.10.12 <=0.11.4), aiproteomics (=0.2.1) +97 more potentially affected by CVE-2022-23580 via tensorflow-cpu (>=1.15.0 <=2.4.4)

tensorflow-cpu PYPI version =1.15.0, =0.10.12, =2.0.0, =2.0.0, =1.0.0, =0.0.5, =0.3.0, =0.0.1, =0.8.1, =0.1.1, =1.3.0, =0.1.0.dev1, =0.0.1, =0.3.3 and more Source cves: CVE-2022-23580 Source advisory: OSV:GHSA-627Q-G293-49Q7...

GHSA-627Q-G293-49Q7 Abort caused by allocating a vector that is too large in Tensorflow

Impact During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user: cc const auto numdims = Valueshapedim; std::vector dims; dims.reservenumdims; Patches We have patched the issue in GitHub commit 1361fb7e29449629e1df94d44e0427ebec8c83c7. T...

Abort caused by allocating a vector that is too large in Tensorflow

Impact During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user: cc const auto numdims = Valueshapedim; std::vector dims; dims.reservenumdims; Patches We have patched the issue in GitHub commit 1361fb7e29449629e1df94d44e0427ebec8c83c7. T...

aadhaar-detection (=0.5.0), accuinsight (>=1.0.84 <=1.0.87) +38 more potentially affected by CVE-2022-23581 via tensorflow (>=2.7.0 <=2.7.0rc1)

tensorflow PYPI version =2.7.0, =1.0.84, =3.0.22, =0.1.11, =0.1.11, =0.1.11, =0.1.0, =0.0.1, =0.1.5.dev202303131412, =0.1.0, =0.1.1 and more Source cves: CVE-2022-23581 Source advisory: OSV:GHSA-FQ86-3F29-PX2C...

rpnet (>=0.0.1 <=0.1.0), rpnet-dev (>=0.0.5 <=0.0.12) +4 more potentially affected by CVE-2022-23581 via tensorflow-gpu (=2.7.0)

tensorflow-gpu PYPI version =2.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-gpu and may be impacted: - rpnet =0.0.1, =0.0.5, =1.0.5, =1.1.1 - tpu-tf2 =1.0.0 - troj =1.0.0 Source cves: CVE-2022-23581 Source advisory:...

a62-emotion (>=0.10.12 <=0.11.4), aiproteomics (=0.2.1) +97 more potentially affected by CVE-2022-23581 via tensorflow-cpu (>=1.15.0 <=2.4.4)

tensorflow-cpu PYPI version =1.15.0, =0.10.12, =2.0.0, =2.0.0, =1.0.0, =0.0.5, =0.3.0, =0.0.1, =0.8.1, =0.1.1, =1.3.0, =0.1.0.dev1, =0.0.1, =0.3.3 and more Source cves: CVE-2022-23581 Source advisory: OSV:GHSA-FQ86-3F29-PX2C...