Lucene search
K

14329 matches found

OSV
OSV
added 2022/02/04 10:32 p.m.30 views

CVE-2022-23589 Null pointer dereference in Grappler's `IsConstant` in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow can trigger a null pointer dereference. There are 2 places where this can occur, for the same malicious alteration of a SavedModel file fixing the first one would trigger the same...

6.5CVSS6.4AI score0.01097EPSS
Exploits1References7
CVE
CVE
added 2022/02/04 10:32 p.m.117 views

CVE-2022-23586

TensorFlow vulnerability CVE-2022-23586 affects the SavedModel path via assertions in function.cc, enabling denial of service by a malicious SavedModel that crashes the Python interpreter. Root cause is CHECK/assertion failures in function.cc when a SavedModel is altered. Affected releases map to...

6.5CVSS6.4AI score0.008EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2022/02/04 10:32 p.m.5 views

CVE-2022-23586 Multiple `CHECK`-fails in `function.cc` in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that assertions in function.cc would be falsified and crash the Python interpreter. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this comm...

6.5CVSS6.4AI score0.008EPSS
Exploits1References4
Cvelist
Cvelist
added 2022/02/04 10:32 p.m.25 views

CVE-2022-23586 Multiple `CHECK`-fails in `function.cc` in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that assertions in function.cc would be falsified and crash the Python interpreter. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this comm...

6.5CVSS6.6AI score0.008EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2022/02/04 10:32 p.m.5 views

CVE-2022-23586

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that assertions in function.cc would be falsified and crash the Python interpreter. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this comm...

6.5CVSS6.8AI score0.008EPSS
Exploits1
OSV
OSV
added 2022/02/04 10:32 p.m.18 views

CVE-2022-23586 Multiple `CHECK`-fails in `function.cc` in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that assertions in function.cc would be falsified and crash the Python interpreter. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this comm...

6.5CVSS6.3AI score0.008EPSS
Exploits1References6
CVE
CVE
added 2022/02/04 10:32 p.m.121 views

CVE-2022-23583

TensorFlow vulnerability CVE-2022-23583: a type confusion caused by modifying the SavedModel’s tensor protobufs can let a remote attacker trigger CHECK failures in templated binary operators, leading to a denial of service. Affected: various TF releases up to 2.8.x (and cherry-picks on 2.7.1, 2.6...

6.5CVSS6.4AI score0.00789EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2022/02/04 10:32 p.m.46 views

CVE-2022-23583 `CHECK`-failures in binary ops in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that any binary op would trigger CHECK failures. This occurs when the protobuf part corresponding to the tensor arguments is modified such that the dtype no longer...

6.5CVSS6.6AI score0.00789EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2022/02/04 10:32 p.m.4 views

CVE-2022-23583 `CHECK`-failures in binary ops in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that any binary op would trigger CHECK failures. This occurs when the protobuf part corresponding to the tensor arguments is modified such that the dtype no longer...

6.5CVSS6.3AI score0.00789EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2022/02/04 10:32 p.m.4 views

CVE-2022-23583

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that any binary op would trigger CHECK failures. This occurs when the protobuf part corresponding to the tensor arguments is modified such that the dtype no longer...

6.5CVSS6.8AI score0.00789EPSS
Exploits1
OSV
OSV
added 2022/02/04 10:32 p.m.23 views

CVE-2022-23583 `CHECK`-failures in binary ops in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that any binary op would trigger CHECK failures. This occurs when the protobuf part corresponding to the tensor arguments is modified such that the dtype no longer...

6.5CVSS6.3AI score0.00789EPSS
Exploits1References5
Cvelist
Cvelist
added 2022/02/04 10:32 p.m.26 views

CVE-2022-23582 `CHECK`-failures in `TensorByteSize` in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that TensorByteSize would trigger CHECK failures. TensorShape constructor throws a CHECK-fail if shape is partial or has a number of elements that would overflow t...

6.5CVSS6.5AI score0.00783EPSS
Exploits1References3
CVE
CVE
added 2022/02/04 10:32 p.m.109 views

CVE-2022-23582

CVE-2022-23582 affects TensorFlow: a malicious SavedModel can trigger a denial of service via TensorByteSize CHECK failures caused by shape handling in TensorShape/PartialTensorShape (shape partials or large element counts). Root cause is TensorShape throwing on partial/large shapes; PartialTenso...

6.5CVSS6.4AI score0.00783EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2022/02/04 10:32 p.m.18 views

CVE-2022-23582 `CHECK`-failures in `TensorByteSize` in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that TensorByteSize would trigger CHECK failures. TensorShape constructor throws a CHECK-fail if shape is partial or has a number of elements that would overflow t...

6.5CVSS6.3AI score0.00783EPSS
Exploits1References5
Cvelist
Cvelist
added 2022/02/04 10:32 p.m.33 views

CVE-2022-23584 Use after free in `DecodePng` in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a use after free behavior when decoding PNG images. After png::CommonFreeDecode&decode gets called, the values of decode.width and decode.height are in an unspecified state. The fix will be included in TensorFlow...

7.6CVSS7.8AI score0.00725EPSS
Exploits1References3
OSV
OSV
added 2022/02/04 10:32 p.m.31 views

CVE-2022-23584 Use after free in `DecodePng` in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a use after free behavior when decoding PNG images. After png::CommonFreeDecode&decode gets called, the values of decode.width and decode.height are in an unspecified state. The fix will be included in TensorFlow...

7.6CVSS6.7AI score0.00725EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2022/02/04 10:32 p.m.4 views

CVE-2022-23584 Use after free in `DecodePng` in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a use after free behavior when decoding PNG images. After png::CommonFreeDecode&decode gets called, the values of decode.width and decode.height are in an unspecified state. The fix will be included in TensorFlow...

7.6CVSS7.6AI score0.00725EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2022/02/04 10:32 p.m.4 views

CVE-2022-23584

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a use after free behavior when decoding PNG images. After png::CommonFreeDecode&decode gets called, the values of decode.width and decode.height are in an unspecified state. The fix will be included in TensorFlow...

7.6CVSS7AI score0.00725EPSS
Exploits1
CVE
CVE
added 2022/02/04 10:32 p.m.105 views

CVE-2022-23584

TensorFlow PNG decoding contains a use-after-free in png::CommonFreeDecode(&decode) where, after the call, decode.width and decode.height are in an unspecified state. This TF vulnerability (CVE-2022-23584) affects the TensorFlow PNG decode path and can lead to memory corruption or crashes when de...

7.6CVSS6.8AI score0.00725EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2022/02/04 10:32 p.m.4 views

CVE-2022-23592 Out of bounds read in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. TensorFlow's type inference can cause a heap out of bounds read as the bounds checking is done in a DCHECK which is a no-op during production. An attacker can control the inputidx variable such that ix would be larger than the number of...

8.1CVSS8AI score0.00858EPSS
Exploits1References3
Rows per page
Query Builder