14326 matches found
TensorFlow vulnerable to segfault in `QuantizedBiasAdd`
Impact If QuantizedBiasAdd is given mininput, maxinput, minbias, maxbias tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. python import tensorflow as tf outtype = tf.qint32 input = tf.constant85,170,255, shape=3, dtype=tf.quint8 bias =...
GHSA-4PC4-M9MJ-V2R9 TensorFlow vulnerable to segfault in `QuantizedBiasAdd`
Impact If QuantizedBiasAdd is given mininput, maxinput, minbias, maxbias tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. python import tensorflow as tf outtype = tf.qint32 input = tf.constant85,170,255, shape=3, dtype=tf.quint8 bias =...
CVE-2022-35994 `CHECK` fail in `CollectiveGather` in TensorFlow
TensorFlow is an open source platform for machine learning. When CollectiveGather receives an scalar input input, it gives a CHECK fails that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit c1f491817dec39a26be3c574e86a88c30f3c4770. The fix will be...
CVE-2022-35994
CVE-2022-35994 is a denial-of-service issue in TensorFlow’s CollectiveGather when given a scalar input. Root cause: a CHECK failure in CollectiveGather. A patch was committed (c1f491817dec39a26be3c574e86a88c30f3c4770) and will be included in TensorFlow 2.10.0; the fix will also be cherry-picked t...
CVE-2022-35994 `CHECK` fail in `CollectiveGather` in TensorFlow
TensorFlow is an open source platform for machine learning. When CollectiveGather receives an scalar input input, it gives a CHECK fails that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit c1f491817dec39a26be3c574e86a88c30f3c4770. The fix will be...
CVE-2022-35994
TensorFlow is an open source platform for machine learning. When CollectiveGather receives an scalar input input, it gives a CHECK fails that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit c1f491817dec39a26be3c574e86a88c30f3c4770. The fix will be...
CVE-2022-35993
TensorFlow CVE-2022-35993 concerns a CHECK failure in SetSize when set_shape is not 1D, allowing a denial-of-service condition. The issue is attributed to SetSize input validation and is mitigated by a patch in commit cf70b79d2662c0d3c6af74583641e345fc939467, with fixes planned for TensorFlow 2.1...
CVE-2022-35993 `CHECK` fail in `SetSize` in TensorFlow
TensorFlow is an open source platform for machine learning. When SetSize receives an input setshape that is not a 1D tensor, it gives a CHECK fails that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit cf70b79d2662c0d3c6af74583641e345fc939467. The fix...
CVE-2022-35993 `CHECK` fail in `SetSize` in TensorFlow
TensorFlow is an open source platform for machine learning. When SetSize receives an input setshape that is not a 1D tensor, it gives a CHECK fails that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit cf70b79d2662c0d3c6af74583641e345fc939467. The fix...
CVE-2022-35993
TensorFlow is an open source platform for machine learning. When SetSize receives an input setshape that is not a 1D tensor, it gives a CHECK fails that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit cf70b79d2662c0d3c6af74583641e345fc939467. The fix...
CVE-2022-35992
TensorFlow’s CVE-2022-35992 affects TensorListFromTensor when element_shape has rank > 1, triggering a CHECK failure that can lead to denial of service. The issue is addressed by GitHub commit 3db59a042a38f4338aa207922fa2f476e000a6ee and will be fixed in TensorFlow 2.10.0; Red Hat and IBM advi...
CVE-2022-35992 `CHECK` fail in `TensorListFromTensor` in TensorFlow
TensorFlow is an open source platform for machine learning. When TensorListFromTensor receives an elementshape of a rank greater than one, it gives a CHECK fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 3db59a042a38f4338aa207922fa2f476e000a6ee. The fi...
CVE-2022-35992 `CHECK` fail in `TensorListFromTensor` in TensorFlow
TensorFlow is an open source platform for machine learning. When TensorListFromTensor receives an elementshape of a rank greater than one, it gives a CHECK fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 3db59a042a38f4338aa207922fa2f476e000a6ee. The fi...
CVE-2022-35992
TensorFlow is an open source platform for machine learning. When TensorListFromTensor receives an elementshape of a rank greater than one, it gives a CHECK fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 3db59a042a38f4338aa207922fa2f476e000a6ee. The fi...
CVE-2022-35991 `CHECK` fail in `TensorListScatter` and `TensorListScatterV2` in TensorFlow
TensorFlow is an open source platform for machine learning. When TensorListScatter and TensorListScatterV2 receive an elementshape of a rank greater than one, they give a CHECK fail that can trigger a denial of service attack. We have patched the issue in GitHub commit...
CVE-2022-35991 `CHECK` fail in `TensorListScatter` and `TensorListScatterV2` in TensorFlow
TensorFlow is an open source platform for machine learning. When TensorListScatter and TensorListScatterV2 receive an elementshape of a rank greater than one, they give a CHECK fail that can trigger a denial of service attack. We have patched the issue in GitHub commit...
CVE-2022-35991
TensorFlow CVE-2022-35991 affects TensorListScatter and TensorListScatterV2 when element_shape has rank greater than one, triggering a CHECK failure that can lead to a denial of service. The issue is documented in OSV entries (BIT-TENSORFLOW-2022-35991) and related advisories, which confirm a pat...
125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4899 more potentially affected by CVE-2022-35971 via tensorflow (>=1.0.1 <=2.7.1)
tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.5.0, =0.1.6, =1.0.0, =2.0.0, =1.0.0, =0.0.1, =0.0.7 and more Source cves: CVE-2022-35971 Source advisory: OSV:GHSA-9FPG-838V-WPV7...
acuity (=6.18.0), acuitypro (=6.18.0) +60 more potentially affected by CVE-2022-35971 via tensorflow (>=2.8.0 <=2.8.0rc1)
tensorflow PYPI version =2.8.0, =1.2.8, =1.0.43, =0.2.2, =0.0.1, =0.0.2, =0.2.8, =0.14.0, =0.1.3, =0.0.9, =0.2.27, =0.2.41 - complaintclassify =0.0.5 - conversational-sentence-encoder =0.0.6 and more Source cves: CVE-2022-35971 Source advisory: OSV:GHSA-9FPG-838V-WPV7...
aliby (>=0.1.18 <=0.1.55), aliby-baby (>=0.1.11 <=0.1.17) +29 more potentially affected by CVE-2022-35971 via tensorflow (>=2.9.0 <=2.9.0rc2)
tensorflow PYPI version =2.9.0, =0.1.18, =0.1.11, =0.30.0, =0.0.0, =1.3.0, =0.3.0, =1.0.1, =1.2.0, =0.0.6, =1.0.12, =0.1.0, =0.1.1 and more Source cves: CVE-2022-35971 Source advisory: OSV:GHSA-9FPG-838V-WPV7...