Lucene search
K

14329 matches found

OSV
OSV
added 2022/02/04 10:32 p.m.26 views

CVE-2022-23580 Abort caused by allocating a vector that is too large in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, a...

6.5CVSS6.4AI score0.00821EPSS
Exploits1References5
OSV
OSV
added 2022/02/04 10:32 p.m.29 views

CVE-2022-23581 `CHECK`-failures during Grappler's `IsSimplifiableReshape` in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a SavedModel such that IsSimplifiableReshape would trigger CHECK failures. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this...

6.5CVSS6.2AI score0.012EPSS
Exploits1References7
CVE
CVE
added 2022/02/04 10:32 p.m.93 views

CVE-2022-23581

CVE-2022-23581 concerns the Grappler optimizer in TensorFlow. The vulnerability arises when a SavedModel is altered in a way that triggers a CHECK failure in IsSimplifiableReshape, enabling a denial of service. Technical details in the connected documents specify the affected component as the Gra...

6.5CVSS6.4AI score0.012EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2022/02/04 10:32 p.m.41 views

CVE-2022-23581 `CHECK`-failures during Grappler's `IsSimplifiableReshape` in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a SavedModel such that IsSimplifiableReshape would trigger CHECK failures. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this...

6.5CVSS6.5AI score0.012EPSS
Exploits1References5
Debian CVE
Debian CVE
added 2022/02/04 10:32 p.m.3 views

CVE-2022-23581

Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a SavedModel such that IsSimplifiableReshape would trigger CHECK failures. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this...

6.5CVSS6.8AI score0.012EPSS
Exploits1
OSV
OSV
added 2022/02/04 10:32 p.m.26 views

CVE-2022-23575 Integer overflow in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The implementation of OpLevelCostEstimator::CalculateTensorSize is vulnerable to an integer overflow if an attacker can create an operation which would involve a tensor with large enough number of elements. The fix will be included in...

6.5CVSS6.6AI score0.00783EPSS
Exploits1References5
Cvelist
Cvelist
added 2022/02/04 10:32 p.m.24 views

CVE-2022-23575 Integer overflow in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The implementation of OpLevelCostEstimator::CalculateTensorSize is vulnerable to an integer overflow if an attacker can create an operation which would involve a tensor with large enough number of elements. The fix will be included in...

6.5CVSS6.7AI score0.00783EPSS
Exploits1References3
CVE
CVE
added 2022/02/04 10:32 p.m.102 views

CVE-2022-23575

TensorFlow vulnerability CVE-2022-23575 arises from an integer overflow in OpLevelCostEstimator::CalculateTensorSize when processing an operation with a very large tensor. The issue affects TensorFlow and was mitigated by a patch in TensorFlow 2.8.0, with cherry-picks to 2.7.1, 2.6.3, and 2.5.3 (...

6.5CVSS6.7AI score0.00783EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2022/02/04 10:32 p.m.122 views

CVE-2022-23576

CVE-2022-23576 describes an integer overflow in TensorFlow’s OpLevelCostEstimator::CalculateOutputSize, triggered when computing the product of output_shape.dim() elements for large tensor sizes. The vulnerability could allow overflow of the computed output size, potentially impacting stability o...

6.5CVSS6.7AI score0.00783EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2022/02/04 10:32 p.m.28 views

CVE-2022-23576 Integer overflow in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The implementation of OpLevelCostEstimator::CalculateOutputSize is vulnerable to an integer overflow if an attacker can create an operation which would involve tensors with large enough number of elements. We can have a large enough number ...

6.5CVSS6.8AI score0.00783EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2022/02/04 10:32 p.m.7 views

CVE-2022-23576 Integer overflow in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The implementation of OpLevelCostEstimator::CalculateOutputSize is vulnerable to an integer overflow if an attacker can create an operation which would involve tensors with large enough number of elements. We can have a large enough number ...

6.5CVSS6.5AI score0.00783EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2022/02/04 10:32 p.m.5 views

CVE-2022-23576

Tensorflow is an Open Source Machine Learning Framework. The implementation of OpLevelCostEstimator::CalculateOutputSize is vulnerable to an integer overflow if an attacker can create an operation which would involve tensors with large enough number of elements. We can have a large enough number ...

6.5CVSS7.3AI score0.00783EPSS
Exploits1
OSV
OSV
added 2022/02/04 10:32 p.m.47 views

CVE-2022-23576 Integer overflow in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The implementation of OpLevelCostEstimator::CalculateOutputSize is vulnerable to an integer overflow if an attacker can create an operation which would involve tensors with large enough number of elements. We can have a large enough number ...

6.5CVSS6.6AI score0.00783EPSS
Exploits1References5
OSV
OSV
added 2022/02/04 10:32 p.m.27 views

CVE-2022-23588 `CHECK`-fails due to attempting to build a reference tensor in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that Grappler optimizer would attempt to build a tensor using a reference dtype. This would result in a crash due to a CHECK-fail in the Tensor constructor as...

6.5CVSS6.2AI score0.00864EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2022/02/04 10:32 p.m.7 views

CVE-2022-23588 `CHECK`-fails due to attempting to build a reference tensor in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that Grappler optimizer would attempt to build a tensor using a reference dtype. This would result in a crash due to a CHECK-fail in the Tensor constructor as...

6.5CVSS6.3AI score0.00864EPSS
Exploits1References4
Cvelist
Cvelist
added 2022/02/04 10:32 p.m.41 views

CVE-2022-23588 `CHECK`-fails due to attempting to build a reference tensor in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that Grappler optimizer would attempt to build a tensor using a reference dtype. This would result in a crash due to a CHECK-fail in the Tensor constructor as...

6.5CVSS6.5AI score0.00864EPSS
Exploits1References4
CVE
CVE
added 2022/02/04 10:32 p.m.89 views

CVE-2022-23588

CVE-2022-23588 affects TensorFlow: a malicious SavedModel can trigger Grappler optimizer to build a tensor using a reference dtype, causing a crash via a CHECK-fail in the Tensor constructor. The issue is fixed in TensorFlow 2.8.0; commits are cherry-picked to 2.7.1, 2.6.3, and 2.5.3 for affected...

6.5CVSS6.4AI score0.00864EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2022/02/04 10:32 p.m.93 views

CVE-2022-23589

CVE-2022-23589 affects the Grappler component of TensorFlow. The vulnerability is a null pointer dereference that can occur during constant folding when SavedModel nodes are missing, and similarly in IsIdentityConsumingSwitch. The fix is in TensorFlow 2.8.0, with cherry-picks to 2.7.1, 2.6.3, and...

6.5CVSS6.6AI score0.01097EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2022/02/04 10:32 p.m.29 views

CVE-2022-23589 Null pointer dereference in Grappler's `IsConstant` in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow can trigger a null pointer dereference. There are 2 places where this can occur, for the same malicious alteration of a SavedModel file fixing the first one would trigger the same...

6.5CVSS6.7AI score0.01097EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2022/02/04 10:32 p.m.7 views

CVE-2022-23589 Null pointer dereference in Grappler's `IsConstant` in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow can trigger a null pointer dereference. There are 2 places where this can occur, for the same malicious alteration of a SavedModel file fixing the first one would trigger the same...

6.5CVSS6.5AI score0.01097EPSS
Exploits1References5
Rows per page
Query Builder