Google TensorFlow Input Validation Error Vulnerability (CNVD-2022-11505)

Google TensorFlow is an end-to-end open source platform for machine learning from Google USA. Google Tensorflow is vulnerable to an input validation error, which can be exploited by attackers to cause a denial of service...

Google TensorFlow Input Validation Error Vulnerability (CNVD-2022-11504)

Google TensorFlow is an end-to-end open source platform for machine learning from Google USA. Google Tensorflow suffers from an input validation error vulnerability, which can be exploited by an attacker to cause a CHECK failure denial-of-service based assertion failure and result in a denial of...

Google TensorFlow code issue vulnerability (CNVD-2022-11512)

Google TensorFlow is an end-to-end open source platform for machine learning from Google USA. Google Tensorflow is vulnerable to a code issue that could be exploited by an attacker to deny service by passing in parameters that would trigger a CHECK failure...

Google TensorFlow buffer overflow vulnerability (CNVD-2022-11510)

Google TensorFlow is an end-to-end open source platform for machine learning from Google USA. Google TensorFlow has a buffer overflow vulnerability, which stems from the fact that the implementation of SparseCountSparseOutput is prone to heap overflow and can be exploited by an attacker to cause ...

Google TensorFlow buffer overflow vulnerability (CNVD-2022-11509)

Google TensorFlow is an end-to-end open source platform for machine learning from Google Google. Google Tensorflow has a buffer overflow vulnerability that stems from the fact that Dequantize's implementation does not fully validate the value of axis, which can be exploited by an attacker to caus...

Google TensorFlow Input Validation Error Vulnerability (CNVD-2022-11508)

Google TensorFlow is an end-to-end open source platform for machine learning from Google Google. Google Tensorflow suffers from an input validation error vulnerability, which stems from the fact that implementations of dequantized shape inference are vulnerable to integer overflow weaknesses, whi...

Google TensorFlow buffer overflow vulnerability (CNVD-2022-11507)

Google TensorFlow is an end-to-end open source platform for machine learning from Google Google. Google Tensorflow has a buffer overflow vulnerability, which stems from the implementation of ReverseSequence's shape inference does not fully validate the value of batch dim, and an attacker can...

Google TensorFlow Input Validation Error Vulnerability (CNVD-2022-11511)

Google TensorFlow is an end-to-end open source platform for machine learning from Google USA. Google Tensorflow is vulnerable to an input validation error, which can be exploited by attackers to cause a denial of service...

Google TensorFlow buffer overflow vulnerability (CNVD-2022-11506)

Google TensorFlow is an end-to-end open source platform for machine learning from Google USA. Google Tensorflow suffers from a buffer overflow vulnerability that stems from the fact that the implementation of FractionalAvgPoolGrad does not account for invalid input tensor, which can be exploited ...

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service. The vulnerability exists due to a memory leak in the implementation of ImmutableExecutorState::Initialize...

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service. The use of a const qualifier in constantfolding.cc, leading to a CHECK-failure assertion failure...

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service. An attacker is able to cause CHECK-fail via malicious arguments, causing an application crash...

Integer Overflow

tensorflow is vulnerable to integer overflow. The vulnerability exists in CalculateTensorSize function of oplevelcostestimator.cc because the input size has not been checked which allows an attacker to insert large numbers of elements that causes an application crash...

Integer Overflow

tensorflow is vulnerable to integer overflow. The vulnerability exists in OpLevelCostEstimator::CalculateOutputSize function of oplevelcostestimator.cc because it doesn't validate the size of the user input which leads to an application crash...

lsmmdma (>=0.0.4 <=0.1.7), tpu-tf2 (=1.0.0) potentially affected by CVE-2022-23583 via tensorflow-cpu (=2.7.0)

tensorflow-cpu PYPI version =2.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-cpu and may be impacted: - lsmmdma =0.0.4, =0.1.7 - tpu-tf2 =1.0.0 Source cves: CVE-2022-23583 Source advisory: OSV:GHSA-GJQC-Q9G6-Q2J3...

arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +170 more potentially affected by CVE-2022-23583 via tensorflow-gpu (>=1.10.1 <=2.5.1)

tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.0.9, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 - cctv-analysis =0.0.2 and more Source cves: CVE-2022-23583 Source advisory: OSV:GHSA-GJQC-Q9G6-Q2J3...

a62-emotion (>=0.10.12 <=0.11.4), aiproteomics (=0.2.1) +97 more potentially affected by CVE-2022-23583 via tensorflow-cpu (>=1.15.0 <=2.4.4)

tensorflow-cpu PYPI version =1.15.0, =0.10.12, =2.0.0, =2.0.0, =1.0.0, =0.0.5, =0.3.0, =0.0.1, =0.8.1, =0.1.1, =1.3.0, =0.1.0.dev1, =0.0.1, =0.3.3 and more Source cves: CVE-2022-23583 Source advisory: OSV:GHSA-GJQC-Q9G6-Q2J3...

aadhaar-detection (=0.5.0), accuinsight (>=1.0.84 <=1.0.87) +38 more potentially affected by CVE-2022-23583 via tensorflow (>=2.7.0 <=2.7.0rc1)

tensorflow PYPI version =2.7.0, =1.0.84, =3.0.22, =0.1.11, =0.1.11, =0.1.11, =0.1.0, =0.0.1, =0.1.5.dev202303131412, =0.1.0, =0.1.1 and more Source cves: CVE-2022-23583 Source advisory: OSV:GHSA-GJQC-Q9G6-Q2J3...

125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4847 more potentially affected by CVE-2022-23583 via tensorflow (>=1.0.1 <=2.5.2)

tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.6.0, =0.1.6, =1.0.0, =2.0.0, =1.0.0, =0.0.1, =0.0.7 and more Source cves: CVE-2022-23583 Source advisory: OSV:GHSA-GJQC-Q9G6-Q2J3...

rpnet (>=0.0.1 <=0.1.0), rpnet-dev (>=0.0.5 <=0.0.12) +4 more potentially affected by CVE-2022-23583 via tensorflow-gpu (=2.7.0)

tensorflow-gpu PYPI version =2.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-gpu and may be impacted: - rpnet =0.0.1, =0.0.5, =1.0.5, =1.1.1 - tpu-tf2 =1.0.0 - troj =1.0.0 Source cves: CVE-2022-23583 Source advisory:...