causalegm (>=0.2.1 <=0.2.5), chrombpnet (>=0.1.0 <=0.1.2) +3 more potentially affected by CVE-2022-29191 via tensorflow-gpu (=2.8.0)

tensorflow-gpu PYPI version =2.8.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-gpu and may be impacted: - causalegm =0.2.1, =0.1.0, =0.0.6, =2.3.5, =2.4.1 - tlaunch =0.0.2 Source cves: CVE-2022-29191 Source advisory: OSV:GHSA-FV25-WRFF-W...

GHSA-FV25-WRFF-WF86 Missing validation causes denial of service via `GetSessionTensor`

Impact The implementation of tf.rawops.GetSessionTensor does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack: python import tensorflow as tf handle = tf.constant"", shape=0, dtype=tf.string...

Missing validation causes denial of service via `GetSessionTensor`

Impact The implementation of tf.rawops.GetSessionTensor does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack: python import tensorflow as tf handle = tf.constant"", shape=0, dtype=tf.string...

125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4878 more potentially affected by CVE-2022-29193 via tensorflow (>=1.0.1 <=2.6.3)

tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.6.0, =0.1.6, =1.0.0, =2.0.0, =1.0.0, =0.0.1, =0.0.7 and more Source cves: CVE-2022-29193 Source advisory: OSV:GHSA-2P9Q-H29J-3F5V...

aadhaar-detection (=0.5.0), accuinsight (>=1.0.84 <=1.0.87) +39 more potentially affected by CVE-2022-29193 via tensorflow (>=2.7.0 <=2.7.1)

tensorflow PYPI version =2.7.0, =1.0.84, =3.0.22, =0.1.11, =0.1.11, =0.1.11, =0.1.0, =0.0.1, =1.2.1, =0.1.5.dev202303131412, =0.1.0, =0.1.1 and more Source cves: CVE-2022-29193 Source advisory: OSV:GHSA-2P9Q-H29J-3F5V...

acuity (=6.18.0), acuitypro (=6.18.0) +60 more potentially affected by CVE-2022-29193 via tensorflow (>=2.8.0 <=2.8.0rc1)

tensorflow PYPI version =2.8.0, =1.2.8, =1.0.43, =0.2.2, =0.0.1, =0.0.2, =0.2.8, =0.14.0, =0.1.3, =0.0.9, =0.2.27, =0.2.41 - complaintclassify =0.0.5 - conversational-sentence-encoder =0.0.6 and more Source cves: CVE-2022-29193 Source advisory: OSV:GHSA-2P9Q-H29J-3F5V...

a62-emotion (>=0.10.12 <=0.11.4), aiproteomics (=0.2.1) +97 more potentially affected by CVE-2022-29193 via tensorflow-cpu (>=1.15.0 <=2.5.3)

tensorflow-cpu PYPI version =1.15.0, =0.10.12, =2.0.0, =2.0.0, =1.0.0, =0.0.5, =0.3.0, =0.0.1, =0.8.1, =0.1.1, =1.3.0, =0.1.0.dev1, =0.0.1, =0.3.3 and more Source cves: CVE-2022-29193 Source advisory: OSV:GHSA-2P9Q-H29J-3F5V...

lsmmdma (>=0.0.4 <=0.1.7), tpu-tf2 (=1.0.0) potentially affected by CVE-2022-29193 via tensorflow-cpu (=2.7.0)

tensorflow-cpu PYPI version =2.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-cpu and may be impacted: - lsmmdma =0.0.4, =0.1.7 - tpu-tf2 =1.0.0 Source cves: CVE-2022-29193 Source advisory: OSV:GHSA-2P9Q-H29J-3F5V...

animl (>=1.1.2 <=1.1.4), arekit (>=0.21.0 <=0.22.1) +176 more potentially affected by CVE-2022-29193 via tensorflow-gpu (>=1.10.1 <=2.6.3)

tensorflow-gpu PYPI version =1.10.1, =1.1.2, =0.21.0, =0.23.0, =0.9.2, =1.0.0, =0.1.0, =0.0.1, =0.0.9, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 and more Source cves: CVE-2022-29193 Source advisory: OSV:GHSA-2P9Q-H29J-3F5V...

rpnet (>=0.0.1 <=0.1.0), rpnet-dev (>=0.0.5 <=0.0.12) +4 more potentially affected by CVE-2022-29193 via tensorflow-gpu (=2.7.0)

tensorflow-gpu PYPI version =2.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-gpu and may be impacted: - rpnet =0.0.1, =0.0.5, =1.0.5, =1.1.1 - tpu-tf2 =1.0.0 - troj =1.0.0 Source cves: CVE-2022-29193 Source advisory:...

causalegm (>=0.2.1 <=0.2.5), chrombpnet (>=0.1.0 <=0.1.2) +3 more potentially affected by CVE-2022-29193 via tensorflow-gpu (=2.8.0)

tensorflow-gpu PYPI version =2.8.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-gpu and may be impacted: - causalegm =0.2.1, =0.1.0, =0.0.6, =2.3.5, =2.4.1 - tlaunch =0.0.2 Source cves: CVE-2022-29193 Source advisory: OSV:GHSA-2P9Q-H29J-3...

GHSA-2P9Q-H29J-3F5V Missing validation causes `TensorSummaryV2` to crash

Impact The implementation of tf.rawops.TensorSummaryV2 does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack: python import numpy as np import tensorflow as tf tf.rawops.TensorSummaryV2 tag=np.array'test',...

Missing validation causes `TensorSummaryV2` to crash

Impact The implementation of tf.rawops.TensorSummaryV2 does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack: python import numpy as np import tensorflow as tf tf.rawops.TensorSummaryV2 tag=np.array'test',...

Heap-based Buffer Overflow

tensorflow is vulnerable to heap-based buffer overflow. The use of AllocatedBytes in the insecure hash function AbslHashValue allows local authenticated attackers to cause heap-based buffer overflows resulting in denial of service conditions...

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service. The vulnerability exists because the tf.rawops.GetSessionTensor in sessionops.cc does not properly validate the input arguments, allowing an attacker to crash the application through the CHECK failure...

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service. The vulnerability exists due to the lack of input validation in the tf.rawops.QuantizedConv2D of quantizedconvops.cc, resulting in a null pointer dereferences, allowing an attacker to crash the application by providing zero-sized inputs...

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service. The vulnerability exists because the GetDeviceForInput function of execute.cc does not properly handle empty resources allowing an attacker to crash the application through the null pointer dereferences when using eager mode...

Google TensorFlow Resource Management Error Vulnerability (CNVD-2022-44172)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A resource management error vulnerability exists in Google TensorFlow versions prior to 2.9.0, prior to 2.8.1, prior to 2.7.2, and prior to 2.6.4, which stems from the fact that tf.ragged.consta...

Google TensorFlow Input Validation Error Vulnerability (CNVD-2022-44173)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. An input validation error vulnerability exists in Google TensorFlow versions prior to 2.9.0, 2.8.1, 2.7.2, and 2.6.4, which stems from the fact that tf.rawops.Conv3DBackpropFilterV2 does not ful...

Google TensorFlow Input Validation Error Vulnerability (CNVD-2022-44160)

Google TensorFlow, an end-to-end open source platform for machine learning from Google, Inc. is vulnerable to input validation errors in versions prior to 2.9.0, 2.8.1, 2.7.2, and 2.6.4, stemming from tf.rawops DeleteSessionTensor does not fully validate the input parameters and can be exploited ...