CVE-2022-35935 `CHECK` failure in `SobolSample` via missing validation in TensorFlow

TensorFlow is an open source platform for machine learning. The implementation of SobolSampleOp is vulnerable to a denial of service via CHECK-failure assertion failure caused by assuming input0, input1, and input2 to be scalar. This issue has been patched in GitHub commit...

CVE-2022-35935

TensorFlow is an open source platform for machine learning. The implementation of SobolSampleOp is vulnerable to a denial of service via CHECK-failure assertion failure caused by assuming input0, input1, and input2 to be scalar. This issue has been patched in GitHub commit...

CVE-2022-35938 OOB read in `Gather_nd` op in TensorFlow Lite Micro

TensorFlow is an open source platform for machine learning. The GatherNd function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. This issue has been...

CVE-2022-35938

CVE-2022-35938 affects TensorFlow and TensorFlow Lite Micro GatherNd where inputs can trigger an out-of-bounds read or crash when sizes mismatch. The issue is patched in commit 4142e47e9e31db481781b955ed3ff807a781b494 and the fix will be included in TensorFlow 2.10.0, with cherry-picks to 2.9.1, ...

CVE-2022-35938 OOB read in `Gather_nd` op in TensorFlow Lite Micro

TensorFlow is an open source platform for machine learning. The GatherNd function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. This issue has been...

CVE-2022-35938 OOB read in `Gather_nd` op in TensorFlow Lite Micro

TensorFlow is an open source platform for machine learning. The GatherNd function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. This issue has been...

CVE-2022-35934 `CHECK` failure in tf.reshape in Tensorflow

TensorFlow is an open source platform for machine learning. The implementation of tf.reshape op in TensorFlow is vulnerable to a denial of service via CHECK-failure assertion failure caused by overflowing the number of elements in a tensor. This issue has been patched in GitHub commit...

CVE-2022-35934

CVE-2022-35934 : TensorFlow’s tf.reshape op is vulnerable to a denial of service caused by a CHECK-failure when overflowing the number of tensor elements. The issue is patched in commit 61f0f9b94df8c0411f0ad0ecc2fec2d3f3c33555; the fix is planned for TensorFlow 2.10.0 and will be cherry-picked to...

CVE-2022-35934 `CHECK` failure in tf.reshape in Tensorflow

TensorFlow is an open source platform for machine learning. The implementation of tf.reshape op in TensorFlow is vulnerable to a denial of service via CHECK-failure assertion failure caused by overflowing the number of elements in a tensor. This issue has been patched in GitHub commit...

CVE-2022-35934

TensorFlow is an open source platform for machine learning. The implementation of tf.reshape op in TensorFlow is vulnerable to a denial of service via CHECK-failure assertion failure caused by overflowing the number of elements in a tensor. This issue has been patched in GitHub commit...

CVE-2022-35934 `CHECK` failure in tf.reshape in Tensorflow

TensorFlow is an open source platform for machine learning. The implementation of tf.reshape op in TensorFlow is vulnerable to a denial of service via CHECK-failure assertion failure caused by overflowing the number of elements in a tensor. This issue has been patched in GitHub commit...

125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4899 more potentially affected by CVE-2022-35997 via tensorflow (>=1.0.1 <=2.7.1)

tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.5.0, =0.1.6, =1.0.0, =2.0.0, =1.0.0, =0.0.1, =0.0.7 and more Source cves: CVE-2022-35997 Source advisory: OSV:GHSA-P7HR-F446-X6QF...

aliby (>=0.1.18 <=0.1.55), aliby-baby (>=0.1.11 <=0.1.17) +29 more potentially affected by CVE-2022-35997 via tensorflow (>=2.9.0 <=2.9.0rc2)

tensorflow PYPI version =2.9.0, =0.1.18, =0.1.11, =0.30.0, =0.0.0, =1.3.0, =0.3.0, =1.0.1, =1.2.0, =0.0.6, =1.0.12, =0.1.0, =0.1.1 and more Source cves: CVE-2022-35997 Source advisory: OSV:GHSA-P7HR-F446-X6QF...

a62-emotion (>=0.10.12 <=0.11.4), aiproteomics (=0.2.1) +98 more potentially affected by CVE-2022-35997 via tensorflow-cpu (>=1.15.0 <=2.7.0)

tensorflow-cpu PYPI version =1.15.0, =0.10.12, =2.0.0, =2.0.0, =1.0.0, =0.0.5, =0.3.0, =0.0.1, =0.8.1, =0.1.1, =1.3.0, =0.1.0.dev1, =0.0.1, =0.3.3 and more Source cves: CVE-2022-35997 Source advisory: OSV:GHSA-P7HR-F446-X6QF...

animl (>=1.1.2 <=1.1.4), arekit (>=0.21.0 <=0.22.1) +182 more potentially affected by CVE-2022-35997 via tensorflow-gpu (>=1.10.1 <=2.7.0)

tensorflow-gpu PYPI version =1.10.1, =1.1.2, =0.21.0, =0.23.0, =0.9.2, =1.0.0, =0.1.0, =0.0.1, =0.0.9, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 and more Source cves: CVE-2022-35997 Source advisory: OSV:GHSA-P7HR-F446-X6QF...

causalegm (>=0.2.1 <=0.2.5), chrombpnet (>=0.1.0 <=0.1.2) +3 more potentially affected by CVE-2022-35997 via tensorflow-gpu (=2.8.0)

tensorflow-gpu PYPI version =2.8.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-gpu and may be impacted: - causalegm =0.2.1, =0.1.0, =0.0.6, =2.3.5, =2.4.1 - tlaunch =0.0.2 Source cves: CVE-2022-35997 Source advisory: OSV:GHSA-P7HR-F446-X...

clip-jax (=0.0.5) potentially affected by CVE-2022-35997 via tensorflow-cpu (=2.9.0)

tensorflow-cpu PYPI version =2.9.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-cpu and may be impacted: - clip-jax =0.0.5 Source cves: CVE-2022-35997 Source advisory: OSV:GHSA-P7HR-F446-X6QF...

acuity (=6.18.0), acuitypro (=6.18.0) +60 more potentially affected by CVE-2022-35997 via tensorflow (>=2.8.0 <=2.8.0rc1)

tensorflow PYPI version =2.8.0, =1.2.8, =1.0.43, =0.2.2, =0.0.1, =0.0.2, =0.2.8, =0.14.0, =0.1.3, =0.0.9, =0.2.27, =0.2.41 - complaintclassify =0.0.5 - conversational-sentence-encoder =0.0.6 and more Source cves: CVE-2022-35997 Source advisory: OSV:GHSA-P7HR-F446-X6QF...

GHSA-P7HR-F446-X6QF TensorFlow vulnerable to `CHECK` fail in `tf.sparse.cross`

Impact If tf.sparse.cross receives an input separator that is not a scalar, it gives a CHECK fail that can be used to trigger a denial of service attack. python import tensorflow as tf tf.sparse.crossinputs=,name='a',separator=tf.constant'a', 'b',dtype=tf.string Patches We have patched the issue ...

TensorFlow vulnerable to `CHECK` fail in `tf.sparse.cross`

Impact If tf.sparse.cross receives an input separator that is not a scalar, it gives a CHECK fail that can be used to trigger a denial of service attack. python import tensorflow as tf tf.sparse.crossinputs=,name='a',separator=tf.constant'a', 'b',dtype=tf.string Patches We have patched the issue ...