Google TensorFlow MirrorPadGrad buffer overflow vulnerability

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A buffer overflow vulnerability exists in Google TensorFlow, which originates from the "MirrorPadGrad" input "paddings" is too large, an attacker can use this vulnerability to cause a heap memory...

Denial Of Service (DoS)

Tensorflow is vulnerable to denial of service. The vulnerability exists due to a segment fault in ndarraytensorbridge because the inputs are not properly validated which allows an attacker to cause an application crash...

Denial Of Service (DoS)

Tensorflow is vulnerable to denial of service. The vulnerability exists because the elementshape input is not properly validated which allows an attacker to cause an application crash due to a segmentation fault...

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service DoS attacks. An attacker is able to cause denial of service conditions via providing an invalid encoded input through the CompositeTensorVariant tensor, which triggers a segmentation fault in tf.rawops.CompositeTensorVariantToComponents...

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service DoS attacks. An attacker is able to cause denial of service conditions via providing an input token that is not a UTF-8 bytestring to tf.rawops.PyFunc, which may trigger a CHECK fail...

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service DoS attacks. An attacker is able to cause denial of service conditions via providing a large input size through tf.rawops.ResizeNearestNeighborGrad, causing buffer overflows...

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service DoS attacks. An attacker is able to cause denial of service conditions by providing a sparsematrix input that is not a matrix with a shape of rank 0, triggering a CHECK fail in tf.rawops.SparseMatrixNNZ...

Remote Code Execution

tensorflow is vulnerable to remote code execution. An attacker is able to cause buffer overflows by setting poolingratio input to less then 1, leading to heap memory access, possibly resulting in remote code execution...

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service DoS attacks. An attacker is able to cause denial of service conditions due to improper validation of user Inputs, densefeatures and examplestatedata, resulting in a CHECK fail in SdcaOptimizer...

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service DoS attacks. An attacker is able to cause denial of service conditions by providing empty inputs through SparseFillEmptyRowsGrad...

Denial Of Service (DoS)

Tensorflow is vulnerable to denial of service. The vulnerability exists because the input size of BCast::ToShape is not properly handled which allows an attacker to crash the application by sending inputs larger than int32...

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service DoS attacks. When a MirrorPadGrad is given outsize input paddings, the library gives a heap out of bound error, which allows an attacker to cause tensorflow to crash...

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service. A attacker can crash the application by providing outsize inputs to rowpoolingsequence and colpoolingsequence parameters in FractionMaxPoolGrad...

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service. The vulnerability exists when the ThreadUnsafeUnigramCandidateSampler is given input to filterbankchannelcount greater than the allowed max size, allowing an attacker to crash the application...

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service. The vulnerability exists because the PrintOneDimV2 function of tensor.cc does not properly convert char values to bool, allowing an attacker to cause an application crash...

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service. The vulnerability exists because the Compute function of listkernels.cc does not properly validate the input size, allowing an attacker to cause an application crash by providing a non-scalar input...

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service. The vulnerability exists because the SetOpAttrList function of pywraptfesrc.cc fails to parse the tensor and returns a nullptr without proper error handling, allowing an attacker to cause an application crash through the null pointer dereference...

aimodelshare (>=0.0.157 <=0.1.0), aliby (>=0.1.18 <=0.1.55) +69 more potentially affected by CVE-2022-41880 via tensorflow (>=2.9.0 <=2.9.2)

tensorflow PYPI version =2.9.0, =0.0.157, =0.1.18, =0.1.11, =0.30.0, =0.2.6, =0.0.1, =1.0.0, =0.0.0, =4.8.2, =0.9.0, =0.99.1 - cvt-tensorflow =1.1.4 and more Source cves: CVE-2022-41880 Source advisory: OSV:GHSA-8W5G-3WCV-9G2J...

clip-jax (=0.0.5), sdeper (>=1.1.0 <=1.6.1) potentially affected by CVE-2022-41880 via tensorflow-cpu (>=2.9.0 <=2.9.1)

tensorflow-cpu PYPI version =2.9.0, =1.1.0, =1.6.1 Source cves: CVE-2022-41880 Source advisory: OSV:GHSA-8W5G-3WCV-9G2J...

aggmap (>=1.1.1 <=1.2.1), molmap (>=1.3.1 <=1.4.0) potentially affected by CVE-2022-41880 via tensorflow-gpu (=2.9.1)

tensorflow-gpu PYPI version =2.9.1 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-gpu and may be impacted: - aggmap =1.1.1, =1.3.1, =1.4.0 Source cves: CVE-2022-41880 Source advisory: OSV:GHSA-8W5G-3WCV-9G2J...