14324 matches found
CVE-2022-35940 Int overflow in `RaggedRangeOp` in Tensoflow
TensorFlow is an open source platform for machine learning. The RaggedRangOp function takes an argument limits that is eventually used to construct a TensorShape as an int64. If limits is a very large float, it can overflow when converted to an int64. This triggers an InvalidArgument but also...
CVE-2022-35940
TensorFlow is an open source platform for machine learning. The RaggedRangOp function takes an argument limits that is eventually used to construct a TensorShape as an int64. If limits is a very large float, it can overflow when converted to an int64. This triggers an InvalidArgument but also...
CVE-2022-35941 `CHECK` failure in `AvgPoolOp` in Tensorflow
TensorFlow is an open source platform for machine learning. The AvgPoolOp function takes an argument ksize that must be positive but is not checked. A negative ksize can trigger a CHECK failure and crash the program. We have patched the issue in GitHub commit...
CVE-2022-35941 `CHECK` failure in `AvgPoolOp` in Tensorflow
TensorFlow is an open source platform for machine learning. The AvgPoolOp function takes an argument ksize that must be positive but is not checked. A negative ksize can trigger a CHECK failure and crash the program. We have patched the issue in GitHub commit...
CVE-2022-35941
CVE-2022-35941 affects TensorFlow: AvgPoolOp accepts a positive ksize but does not validate it, enabling a potential crash via a negative ksize. The issue is fixed in commit 3a6ac52664c6c095aa2b114e742b0aa17fdce78f and will be included in TensorFlow 2.10.0; the patch will be cherry-picked for TF ...
CVE-2022-35941 `CHECK` failure in `AvgPoolOp` in Tensorflow
TensorFlow is an open source platform for machine learning. The AvgPoolOp function takes an argument ksize that must be positive but is not checked. A negative ksize can trigger a CHECK failure and crash the program. We have patched the issue in GitHub commit...
CVE-2022-35941
TensorFlow is an open source platform for machine learning. The AvgPoolOp function takes an argument ksize that must be positive but is not checked. A negative ksize can trigger a CHECK failure and crash the program. We have patched the issue in GitHub commit...
CVE-2022-35937 OOB read in `Gather_nd` op in TensorFlow Lite
TensorFlow is an open source platform for machine learning. The GatherNd function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read is triggered. This issue has been patched in...
CVE-2022-35937 OOB read in `Gather_nd` op in TensorFlow Lite
TensorFlow is an open source platform for machine learning. The GatherNd function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read is triggered. This issue has been patched in...
CVE-2022-35937
TensorFlow Lite GatherNd contains an out-of-bounds read when input indices can exceed output sizes. The issue is fixed via patch 595a65a3e224a0362d7e68c2213acfc2b499a196, with the fix planned for TensorFlow 2.10.0 and cherry-picks for 2.9.1, 2.8.1, and 2.7.2 (all in the supported range). There ar...
CVE-2022-35937 OOB read in `Gather_nd` op in TensorFlow Lite
TensorFlow is an open source platform for machine learning. The GatherNd function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read is triggered. This issue has been patched in...
CVE-2022-35937
TensorFlow is an open source platform for machine learning. The GatherNd function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read is triggered. This issue has been patched in...
CVE-2022-35939 Out of bounds write in `scatter_nd` op in TensorFlow Lite
TensorFlow is an open source platform for machine learning. The ScatterNd function takes an input argument that determines the indices of of the output tensor. An input index greater than the output tensor or less than zero will either write content at the wrong index or trigger a crash. We have...
CVE-2022-35939
CVE-2022-35939 concerns TensorFlow’s ScatterNd in TensorFlow Lite and core TF, where an input index outside the output bounds can write at an invalid location or crash. The issue is fixed via commit b4d4b4cb019bd7240a52daa4ba61e3cc814f0384 and the patch is scheduled for inclusion in TensorFlow 2....
CVE-2022-35939 Out of bounds write in `scatter_nd` op in TensorFlow Lite
TensorFlow is an open source platform for machine learning. The ScatterNd function takes an input argument that determines the indices of of the output tensor. An input index greater than the output tensor or less than zero will either write content at the wrong index or trigger a crash. We have...
CVE-2022-35939 Out of bounds write in `scatter_nd` op in TensorFlow Lite
TensorFlow is an open source platform for machine learning. The ScatterNd function takes an input argument that determines the indices of of the output tensor. An input index greater than the output tensor or less than zero will either write content at the wrong index or trigger a crash. We have...
CVE-2022-35939
TensorFlow is an open source platform for machine learning. The ScatterNd function takes an input argument that determines the indices of of the output tensor. An input index greater than the output tensor or less than zero will either write content at the wrong index or trigger a crash. We have...
CVE-2022-35935 `CHECK` failure in `SobolSample` via missing validation in TensorFlow
TensorFlow is an open source platform for machine learning. The implementation of SobolSampleOp is vulnerable to a denial of service via CHECK-failure assertion failure caused by assuming input0, input1, and input2 to be scalar. This issue has been patched in GitHub commit...
CVE-2022-35935 `CHECK` failure in `SobolSample` via missing validation in TensorFlow
TensorFlow is an open source platform for machine learning. The implementation of SobolSampleOp is vulnerable to a denial of service via CHECK-failure assertion failure caused by assuming input0, input1, and input2 to be scalar. This issue has been patched in GitHub commit...
CVE-2022-35935
CVE-2022-35935 affects TensorFlow via SobolSampleOp triggering a denial of service from a misvalidation that assumes input(0), input(1), and input(2) are scalar, causing a CHECK failure. The issue has been patched in the GitHub commit c65c67f88ad770662e8f191269a907bf2b94b1bf, with the fix slated ...