14329 matches found

Cvelist
added 2022/02/04 10:32 p.m., 31 views

CVE-2022-23592 Out of bounds read in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. TensorFlow's type inference can cause a heap out of bounds read as the bounds checking is done in a DCHECK which is a no-op during production. An attacker can control the input_idx variable such that ix would be larger than the number of...

CVSS 8.1 | AI score 8.2 | EPSS 0.00858
Exploits: 1 | References: 3

Cvelist
added 2022/02/04 10:32 p.m., 31 views

CVE-2022-23587 Integer overflow in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow is vulnerable to an integer overflow during cost estimation for crop and resize. Since the cropping parameters are user controlled, a malicious person can trigger undefined behavior...

CVSS 8.8 | AI score 9.8 | EPSS 0.00888
Exploits: 1 | References: 3

CVE
added 2022/02/04 10:32 p.m., 111 views

CVE-2022-23592

CVE-2022-23592 : TensorFlow’s type inference can trigger a heap out-of-bounds read when input_idx controls ix, risking access beyond node_t.args. This occurs because bounds checks run via DCHECK (no-op in production). The issue affects the TensorFlow release line noted as the only affected versio...

CVSS 8.1 | AI score 7.8 | EPSS 0.00858
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2022/02/04 10:32 p.m., 20 views

CVE-2022-23592 Out of bounds read in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. TensorFlow's type inference can cause a heap out of bounds read as the bounds checking is done in a DCHECK which is a no-op during production. An attacker can control the input_idx variable such that ix would be larger than the number of...

CVSS 8.1 | AI score 7.9 | EPSS 0.00858
Exploits: 1 | References: 5

CVE
added 2022/02/04 10:32 p.m., 122 views

CVE-2022-23587

CVE-2022-23587 concerns TensorFlow, specifically the Grappler cost-estimator path. The vulnerability is an integer overflow in the cost estimation for crop and resize within Grappler, triggered by user-controlled cropping parameters, which can lead to undefined behavior. The patch is committed (c...

CVSS 9.8 | AI score 9.2 | EPSS 0.00888
Exploits: 1 | References: 3 | Affected Software: 1

Vulnrichment
added 2022/02/04 10:32 p.m., 4 views

CVE-2022-23587 Integer overflow in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow is vulnerable to an integer overflow during cost estimation for crop and resize. Since the cropping parameters are user controlled, a malicious person can trigger undefined behavior...

CVSS 8.8 | AI score 9.5 | EPSS 0.00888
Exploits: 1 | References: 3

OSV
added 2022/02/04 10:32 p.m., 29 views

CVE-2022-23587 Integer overflow in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow is vulnerable to an integer overflow during cost estimation for crop and resize. Since the cropping parameters are user controlled, a malicious person can trigger undefined behavior...

CVSS 8.8 | AI score 9.2 | EPSS 0.00888
Exploits: 1 | References: 5

Debian CVE
added 2022/02/04 10:32 p.m., 3 views

CVE-2022-23592

Tensorflow is an Open Source Machine Learning Framework. TensorFlow's type inference can cause a heap out of bounds read as the bounds checking is done in a DCHECK which is a no-op during production. An attacker can control the input_idx variable such that ix would be larger than the number of...

CVSS 8.1 | AI score 7 | EPSS 0.00858
Exploits: 1

Debian CVE
added 2022/02/04 10:32 p.m., 3 views

CVE-2022-23587

Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow is vulnerable to an integer overflow during cost estimation for crop and resize. Since the cropping parameters are user controlled, a malicious person can trigger undefined behavior...

CVSS 9.8 | AI score 7.2 | EPSS 0.00888
Exploits: 1

CVE
added 2022/02/04 10:32 p.m., 97 views

CVE-2022-23595

TensorFlow (CVE-2022-23595) is a vulnerability caused by a null pointer dereference when building the XLA compilation cache under default settings, where flr->config_proto may be nullptr. The issue affects TensorFlow releases up to 2.8.0, with cherry-picks planned for 2.7.1, 2.6.3, and 2.5.3. ...

CVSS 6.5 | AI score 6 | EPSS 0.00774
Exploits: 1 | References: 3 | Affected Software: 1

Vulnrichment
added 2022/02/04 10:32 p.m., 5 views

CVE-2022-23595 Null pointer dereference in TensorFlow

Tensorflow is an Open Source Machine Learning Framework. When building an XLA compilation cache, if default settings are used, TensorFlow triggers a null pointer dereference. In the default scenario, all devices are allowed, so flr->config_proto is nullptr. The fix will be included in TensorFlow...

CVSS 5.3 | AI score 6.5 | EPSS 0.00774
Exploits: 1 | References: 3

OSV
added 2022/02/04 10:32 p.m., 28 views

CVE-2022-23595 Null pointer dereference in TensorFlow

Tensorflow is an Open Source Machine Learning Framework. When building an XLA compilation cache, if default settings are used, TensorFlow triggers a null pointer dereference. In the default scenario, all devices are allowed, so flr->config_proto is nullptr. The fix will be included in TensorFlow...

CVSS 5.3 | AI score 6.4 | EPSS 0.00774
Exploits: 1 | References: 5

Cvelist
added 2022/02/04 10:32 p.m., 13 views

CVE-2022-23595 Null pointer dereference in TensorFlow

Tensorflow is an Open Source Machine Learning Framework. When building an XLA compilation cache, if default settings are used, TensorFlow triggers a null pointer dereference. In the default scenario, all devices are allowed, so flr->config_proto is nullptr. The fix will be included in TensorFlow...

CVSS 5.3 | AI score 6.7 | EPSS 0.00774
Exploits: 1 | References: 3

Debian CVE
added 2022/02/04 10:32 p.m., 4 views

CVE-2022-23595

Tensorflow is an Open Source Machine Learning Framework. When building an XLA compilation cache, if default settings are used, TensorFlow triggers a null pointer dereference. In the default scenario, all devices are allowed, so flr->config_proto is nullptr. The fix will be included in TensorFlow...

CVSS 6.5 | AI score 7 | EPSS 0.00774
Exploits: 1

Cvelist
added 2022/02/04 10:32 p.m., 24 views

CVE-2022-23594 Out of bounds read in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The TFG dialect of TensorFlow MLIR makes several assumptions about the incoming GraphDef before converting it to the MLIR-based dialect. If an attacker changes the SavedModel format on disk to invalidate these assumptions and the GraphDef i...

CVSS 8.8 | AI score 9 | EPSS 0.00142
Exploits: 0 | References: 2

Vulnrichment
added 2022/02/04 10:32 p.m., 7 views

CVE-2022-23594 Out of bounds read in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The TFG dialect of TensorFlow MLIR makes several assumptions about the incoming GraphDef before converting it to the MLIR-based dialect. If an attacker changes the SavedModel format on disk to invalidate these assumptions and the GraphDef i...

CVSS 8.8 | AI score 8.8 | EPSS 0.00142
Exploits: 0 | References: 2

CVE
added 2022/02/04 10:32 p.m., 83 views

CVE-2022-23594

TensorFlow MLIR/TFG GraphDef handling flaw: if a SavedModel is on disk with altered format, conversion to the MLIR-based IR can crash the Python interpreter and may enable heap out-of-bounds reads. Affected scope includes the MLIR import path and associated GraphDef assumptions; exploitation deta...

CVSS 8.8 | AI score 5.9 | EPSS 0.00142
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2022/02/04 10:32 p.m., 19 views

CVE-2022-23594 Out of bounds read in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The TFG dialect of TensorFlow MLIR makes several assumptions about the incoming GraphDef before converting it to the MLIR-based dialect. If an attacker changes the SavedModel format on disk to invalidate these assumptions and the GraphDef i...

CVSS 8.8 | AI score 6.6 | EPSS 0.00142
Exploits: 0 | References: 4

Cvelist
added 2022/02/04 10:32 p.m., 23 views

CVE-2022-23590 Crash due to erroneous `StatusOr` in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. A GraphDef from a TensorFlow SavedModel can be maliciously altered to cause a TensorFlow process to crash due to encountering a StatusOr value that is an error and forcibly extracting the value from it. We have patched the issue in multiple...

CVSS 5.9 | AI score 7.7 | EPSS 0.00973
Exploits: 1 | References: 3

Vulnrichment
added 2022/02/04 10:32 p.m., 2 views

CVE-2022-23590 Crash due to erroneous `StatusOr` in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. A GraphDef from a TensorFlow SavedModel can be maliciously altered to cause a TensorFlow process to crash due to encountering a StatusOr value that is an error and forcibly extracting the value from it. We have patched the issue in multiple...

CVSS 5.9 | AI score 7.5 | EPSS 0.00973
Exploits: 1 | References: 3