14326 matches found
CVE-2022-23571
Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, a TensorFlow process can encounter cases where a CHECK assertion is invalidated based on user controlled arguments, if the tensors have an invalid dtype and 0 elements or an invalid shape. This allows...
CVE-2022-23571 Reachable Assertion in Tensorflow
Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, a TensorFlow process can encounter cases where a CHECK assertion is invalidated based on user controlled arguments, if the tensors have an invalid dtype and 0 elements or an invalid shape. This allows...
CVE-2022-23566 Out of bounds write in Tensorflow
Tensorflow is an Open Source Machine Learning Framework. TensorFlow is vulnerable to a heap OOB write in Grappler. The setoutput function writes to an array at the specified index. Hence, this gives a malicious user a write primitive. The fix will be included in TensorFlow 2.8.0. We will also...
CVE-2022-23566
CVE-2022-23566 describes a heap out-of-bounds write in TensorFlow Grappler caused by the set_output function writing to an array at a specified index, enabling a potential write primitive. The issue is fixed in TensorFlow 2.8.0, with cherry-picks planned for TensorFlow 2.7.1, 2.6.3, and 2.5.3 (th...
CVE-2022-23566 Out of bounds write in Tensorflow
Tensorflow is an Open Source Machine Learning Framework. TensorFlow is vulnerable to a heap OOB write in Grappler. The setoutput function writes to an array at the specified index. Hence, this gives a malicious user a write primitive. The fix will be included in TensorFlow 2.8.0. We will also...
CVE-2022-23566 Out of bounds write in Tensorflow
Tensorflow is an Open Source Machine Learning Framework. TensorFlow is vulnerable to a heap OOB write in Grappler. The setoutput function writes to an array at the specified index. Hence, this gives a malicious user a write primitive. The fix will be included in TensorFlow 2.8.0. We will also...
CVE-2022-23577 Null-dereference in Tensorflow
Tensorflow is an Open Source Machine Learning Framework. The implementation of GetInitOp is vulnerable to a crash caused by dereferencing a null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, ...
CVE-2022-23577
CVE-2022-23577 : TensorFlow contains a null-pointer dereference in GetInitOp that can crash. The issue is documented with a fix in TensorFlow 2.8.0 and cherry-picks to 2.7.1, 2.6.3, and 2.5.3. Affected lines and patch are described in linked advisories (GitHub commit 4f38b1ac…, security advisorie...
CVE-2022-23577 Null-dereference in Tensorflow
Tensorflow is an Open Source Machine Learning Framework. The implementation of GetInitOp is vulnerable to a crash caused by dereferencing a null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, ...
CVE-2022-23577 Null-dereference in Tensorflow
Tensorflow is an Open Source Machine Learning Framework. The implementation of GetInitOp is vulnerable to a crash caused by dereferencing a null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, ...
CVE-2022-23577
Tensorflow is an Open Source Machine Learning Framework. The implementation of GetInitOp is vulnerable to a crash caused by dereferencing a null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, ...
CVE-2022-23578 Memory leak in Tensorflow
Tensorflow is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the implementation of ImmutableExecutorState::Initialize. Here, we set item-kernel to nullptr but it is a simple OpKernel pointer so the memory that was previously allocated to it...
CVE-2022-23578
TensorFlow vulnerability CVE-2022-23578 describes a memory leak: if a graph node is invalid, ImmutableExecutorState::Initialize can leak the previously allocated memory when item->kernel is reset to nullptr. The issue affects TensorFlow; the fix is planned for TensorFlow 2.8.0, with cherry-pic...
CVE-2022-23578 Memory leak in Tensorflow
Tensorflow is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the implementation of ImmutableExecutorState::Initialize. Here, we set item-kernel to nullptr but it is a simple OpKernel pointer so the memory that was previously allocated to it...
CVE-2022-23578
Tensorflow is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the implementation of ImmutableExecutorState::Initialize. Here, we set item-kernel to nullptr but it is a simple OpKernel pointer so the memory that was previously allocated to it...
CVE-2022-23572 Crash when type cannot be specialized in Tensorflow
Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a type during shape inference. This case is covered by the DCHECK function however, DCHECK is a no-op in production builds and an assertion failure in debug builds. In the first cas...
CVE-2022-23572 Crash when type cannot be specialized in Tensorflow
Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a type during shape inference. This case is covered by the DCHECK function however, DCHECK is a no-op in production builds and an assertion failure in debug builds. In the first cas...
CVE-2022-23572
TensorFlow CVE-2022-23572 concerns a crash/denial of service caused by failure to specialize a type during shape inference. Root cause: DCHECK(ret.status()) is a no-op in production and asserts in debug builds, allowing execution to proceed to ValueOrDie with an error Status, causing an assertion...
CVE-2022-23572
Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a type during shape inference. This case is covered by the DCHECK function however, DCHECK is a no-op in production builds and an assertion failure in debug builds. In the first cas...
CVE-2022-23572 Crash when type cannot be specialized in Tensorflow
Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a type during shape inference. This case is covered by the DCHECK function however, DCHECK is a no-op in production builds and an assertion failure in debug builds. In the first cas...