CVE-2022-21728 Out of bounds read in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for ReverseSequence does not fully validate the value of batchdim and can result in a heap OOB read. There is a check to make sure the value of batchdim does not go over the rank of the input, but there...

CVE-2022-21730 Out of bounds read in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The implementation of FractionalAvgPoolGrad does not consider cases where the input tensors are invalid allowing an attacker to read from outside of bounds of heap. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this...

CVE-2022-21730

Tensorflow is an Open Source Machine Learning Framework. The implementation of FractionalAvgPoolGrad does not consider cases where the input tensors are invalid allowing an attacker to read from outside of bounds of heap. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this...

CVE-2022-21730

Summary: CVE-2022-21730 describes an out-of-bounds read in TensorFlow’s FractionalAvgPoolGrad due to invalid input handling. This affects TensorFlow releases prior to the fixed patch and is resolved by the fix in TensorFlow 2.8.0, with cherry-picks to 2.7.1, 2.6.3, and 2.5.3. Affected component: ...

CVE-2022-21730 Out of bounds read in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The implementation of FractionalAvgPoolGrad does not consider cases where the input tensors are invalid allowing an attacker to read from outside of bounds of heap. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this...

CVE-2022-21730 Out of bounds read in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The implementation of FractionalAvgPoolGrad does not consider cases where the input tensors are invalid allowing an attacker to read from outside of bounds of heap. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this...

PT-2022-15068 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions 2.5.3 through 2.7.1 TensorFlow version 2.8.0 is not affected as it includes the fix. Description: The implementation of UnravelIndex is vulnerable to a division by zero caused by an integer overflow bug. This issue can be...

Google TensorFlow 输入验证错误漏洞

Google TensorFlow is an end-to-end open source platform for machine learning from Google USA. Google Tensorflow is vulnerable to an input validation error, which can be exploited by attackers to cause a denial of service...

Google TensorFlow 输入验证错误漏洞

Google TensorFlow is an end-to-end open source platform for machine learning from Google USA. Google Tensorflow is vulnerable to an input validation error, which can be exploited by attackers to cause a denial of service...

PT-2022-16084 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.8.0 TensorFlow versions 2.7.1 and earlier TensorFlow versions 2.6.3 and earlier TensorFlow versions 2.5.3 and earlier Description: The implementation of AddManySparseToTensorsMap is vulnerable to an integer...

PT-2022-15067 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.8.0 TensorFlow versions 2.7.1 and earlier TensorFlow versions 2.6.3 and earlier TensorFlow versions 2.5.3 and earlier Description: The implementation of shape inference for ReverseSequence does not fully validat...

Google TensorFlow 安全漏洞

Tensorflow is an open source machine learning framework. a denial-of-access vulnerability exists in TensorFlow, which can be exploited by attackers to launch a denial-of-service attack against a target...

Google TensorFlow 数字错误漏洞

TensorFlow is an end-to-end open source platform for machine learning from Google. Google TensorFlow is vulnerable to a numerical error that results from the fact that the cost estimator of certain convolution operations can be used to perform an operation divided by zero, and the function fails ...

Google TensorFlow 输入验证错误漏洞

Google TensorFlow is an end-to-end open source platform for machine learning from Google USA. Google Tensorflow suffers from an input validation error vulnerability, which can be exploited by an attacker to cause a CHECK failure denial-of-service based assertion failure and result in a denial of...

Google TensorFlow 代码问题漏洞

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google, Inc. in the United States. Tensorflow has a security vulnerability that stems from an undefined behavior in the implementation of SparseTensorSliceDataset: under certain conditions, it can dereferen...

Google TensorFlow 输入验证错误漏洞

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. Google Tensorflow suffers from an input validation error vulnerability that stems from a lack of validation of the input tensor shape, which could be exploited to launch a denial-of-service attack...

Google TensorFlow 安全漏洞

TensorFlow is an end-to-end open source machine learning platform. It has a comprehensive and flexible ecosystem of tools, libraries, and community resources that help researchers push the boundaries of advanced machine learning techniques and enable developers to easily build and deploy...

Google TensorFlow 缓冲区错误漏洞

Google TensorFlow is an end-to-end open source platform for machine learning from Google USA. Google Tensorflow suffers from a buffer overflow vulnerability that stems from the fact that the implementation of FractionalAvgPoolGrad does not account for invalid input tensor, which can be exploited ...

Google TensorFlow 缓冲区错误漏洞

Google TensorFlow is an end-to-end open source platform for machine learning from Google Google. Google Tensorflow has a buffer overflow vulnerability, which stems from the implementation of ReverseSequence's shape inference does not fully validate the value of batch dim, and an attacker can...

Google TensorFlow 输入验证错误漏洞

Google TensorFlow is an end-to-end open source platform for machine learning from Google Google. Google Tensorflow suffers from an input validation error vulnerability, which stems from the fact that implementations of dequantized shape inference are vulnerable to integer overflow weaknesses, whi...