Denial Of Service (DoS)

tensorflow is vulnerable to denial of service. An attacker can crash the application through the GraphDef in tensorflow SavedModel by providing an invalid argument to ctortype...

Denial Of Service (DoS)

Tensorflow is vulnerable to denial of service. The vulnerability exists due to a lack of sanitization of a CHECK assertion in resource handle tensor from protobuf allowing an attacker to crash the system via maliciously crafted controlled arguments...

125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4847 more potentially affected by CVE-2022-23580 via tensorflow (>=1.0.1 <=2.5.2)

tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.6.0, =0.1.6, =1.0.0, =2.0.0, =1.0.0, =0.0.1, =0.0.7 and more Source cves: CVE-2022-23580 Source advisory: OSV:GHSA-627Q-G293-49Q7...

alwakeupword (=1.0.0), armadillin (>=0.0.2 <=0.53.0) +42 more potentially affected by CVE-2022-23580 via tensorflow (>=2.6.0 <=2.6.2)

tensorflow PYPI version =2.6.0, =0.0.2, =1.0.1, =0.0.9, =0.2.0, =4.4.0, =1.1.2, =0.2.0, =0.0.1, =1.0.0, =1.1.2 - imgtovar =0.8.5 and more Source cves: CVE-2022-23580 Source advisory: OSV:GHSA-627Q-G293-49Q7...

aadhaar-detection (=0.5.0), accuinsight (>=1.0.84 <=1.0.87) +38 more potentially affected by CVE-2022-23580 via tensorflow (>=2.7.0 <=2.7.0rc1)

tensorflow PYPI version =2.7.0, =1.0.84, =3.0.22, =0.1.11, =0.1.11, =0.1.11, =0.1.0, =0.0.1, =0.1.5.dev202303131412, =0.1.0, =0.1.1 and more Source cves: CVE-2022-23580 Source advisory: OSV:GHSA-627Q-G293-49Q7...

a62-emotion (>=0.10.12 <=0.11.4), aiproteomics (=0.2.1) +97 more potentially affected by CVE-2022-23580 via tensorflow-cpu (>=1.15.0 <=2.4.4)

tensorflow-cpu PYPI version =1.15.0, =0.10.12, =2.0.0, =2.0.0, =1.0.0, =0.0.5, =0.3.0, =0.0.1, =0.8.1, =0.1.1, =1.3.0, =0.1.0.dev1, =0.0.1, =0.3.3 and more Source cves: CVE-2022-23580 Source advisory: OSV:GHSA-627Q-G293-49Q7...

lsmmdma (>=0.0.4 <=0.1.7), tpu-tf2 (=1.0.0) potentially affected by CVE-2022-23580 via tensorflow-cpu (=2.7.0)

tensorflow-cpu PYPI version =2.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-cpu and may be impacted: - lsmmdma =0.0.4, =0.1.7 - tpu-tf2 =1.0.0 Source cves: CVE-2022-23580 Source advisory: OSV:GHSA-627Q-G293-49Q7...

arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +170 more potentially affected by CVE-2022-23580 via tensorflow-gpu (>=1.10.1 <=2.5.1)

tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.0.9, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 - cctv-analysis =0.0.2 and more Source cves: CVE-2022-23580 Source advisory: OSV:GHSA-627Q-G293-49Q7...

animl (>=1.1.2 <=1.1.4), audio-classification-models (=1.0.1) +7 more potentially affected by CVE-2022-23580 via tensorflow-gpu (>=2.6.0 <=2.6.2)

tensorflow-gpu PYPI version =2.6.0, =1.1.2, =0.1.5, =0.1.0, =0.9.0, =1.0.5, =1.0.6 Source cves: CVE-2022-23580 Source advisory: OSV:GHSA-627Q-G293-49Q7...

rpnet (>=0.0.1 <=0.1.0), rpnet-dev (>=0.0.5 <=0.0.12) +4 more potentially affected by CVE-2022-23580 via tensorflow-gpu (=2.7.0)

tensorflow-gpu PYPI version =2.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-gpu and may be impacted: - rpnet =0.0.1, =0.0.5, =1.0.5, =1.1.1 - tpu-tf2 =1.0.0 - troj =1.0.0 Source cves: CVE-2022-23580 Source advisory:...

GHSA-627Q-G293-49Q7 Abort caused by allocating a vector that is too large in Tensorflow

Impact During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user: cc const auto numdims = Valueshapedim; std::vector dims; dims.reservenumdims; Patches We have patched the issue in GitHub commit 1361fb7e29449629e1df94d44e0427ebec8c83c7. T...

Abort caused by allocating a vector that is too large in Tensorflow

Impact During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user: cc const auto numdims = Valueshapedim; std::vector dims; dims.reservenumdims; Patches We have patched the issue in GitHub commit 1361fb7e29449629e1df94d44e0427ebec8c83c7. T...

125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4847 more potentially affected by CVE-2022-23581 via tensorflow (>=1.0.1 <=2.5.2)

tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.6.0, =0.1.6, =1.0.0, =2.0.0, =1.0.0, =0.0.1, =0.0.7 and more Source cves: CVE-2022-23581 Source advisory: OSV:GHSA-FQ86-3F29-PX2C...

alwakeupword (=1.0.0), armadillin (>=0.0.2 <=0.53.0) +42 more potentially affected by CVE-2022-23581 via tensorflow (>=2.6.0 <=2.6.2)

tensorflow PYPI version =2.6.0, =0.0.2, =1.0.1, =0.0.9, =0.2.0, =4.4.0, =1.1.2, =0.2.0, =0.0.1, =1.0.0, =1.1.2 - imgtovar =0.8.5 and more Source cves: CVE-2022-23581 Source advisory: OSV:GHSA-FQ86-3F29-PX2C...

aadhaar-detection (=0.5.0), accuinsight (>=1.0.84 <=1.0.87) +38 more potentially affected by CVE-2022-23581 via tensorflow (>=2.7.0 <=2.7.0rc1)

tensorflow PYPI version =2.7.0, =1.0.84, =3.0.22, =0.1.11, =0.1.11, =0.1.11, =0.1.0, =0.0.1, =0.1.5.dev202303131412, =0.1.0, =0.1.1 and more Source cves: CVE-2022-23581 Source advisory: OSV:GHSA-FQ86-3F29-PX2C...

a62-emotion (>=0.10.12 <=0.11.4), aiproteomics (=0.2.1) +97 more potentially affected by CVE-2022-23581 via tensorflow-cpu (>=1.15.0 <=2.4.4)

tensorflow-cpu PYPI version =1.15.0, =0.10.12, =2.0.0, =2.0.0, =1.0.0, =0.0.5, =0.3.0, =0.0.1, =0.8.1, =0.1.1, =1.3.0, =0.1.0.dev1, =0.0.1, =0.3.3 and more Source cves: CVE-2022-23581 Source advisory: OSV:GHSA-FQ86-3F29-PX2C...

lsmmdma (>=0.0.4 <=0.1.7), tpu-tf2 (=1.0.0) potentially affected by CVE-2022-23581 via tensorflow-cpu (=2.7.0)

tensorflow-cpu PYPI version =2.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-cpu and may be impacted: - lsmmdma =0.0.4, =0.1.7 - tpu-tf2 =1.0.0 Source cves: CVE-2022-23581 Source advisory: OSV:GHSA-FQ86-3F29-PX2C...

arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +170 more potentially affected by CVE-2022-23581 via tensorflow-gpu (>=1.10.1 <=2.5.1)

tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.0.9, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 - cctv-analysis =0.0.2 and more Source cves: CVE-2022-23581 Source advisory: OSV:GHSA-FQ86-3F29-PX2C...

animl (>=1.1.2 <=1.1.4), audio-classification-models (=1.0.1) +7 more potentially affected by CVE-2022-23581 via tensorflow-gpu (>=2.6.0 <=2.6.2)

tensorflow-gpu PYPI version =2.6.0, =1.1.2, =0.1.5, =0.1.0, =0.9.0, =1.0.5, =1.0.6 Source cves: CVE-2022-23581 Source advisory: OSV:GHSA-FQ86-3F29-PX2C...

rpnet (>=0.0.1 <=0.1.0), rpnet-dev (>=0.0.5 <=0.0.12) +4 more potentially affected by CVE-2022-23581 via tensorflow-gpu (=2.7.0)

tensorflow-gpu PYPI version =2.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-gpu and may be impacted: - rpnet =0.0.1, =0.0.5, =1.0.5, =1.1.1 - tpu-tf2 =1.0.0 - troj =1.0.0 Source cves: CVE-2022-23581 Source advisory:...