Lucene search
+L

8 matches found

OSV
OSV
added 2024/03/06 11:15 a.m.25 views

BIT-TENSORFLOW-2022-23569 `CHECK`-fails when building invalid tensor shapes in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. Multiple operations in TensorFlow can be used to trigger a denial of service via CHECK-fails i.e., assertion failures. This is similar to TFSA-2021-198 and has similar fixes. We have patched the reported issues in multiple GitHub commits. I...

6.5CVSS6.4AI score0.00458EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/05/24 10:11 p.m.43 views

Integer overflow in `SpaceToBatchND`

Impact The implementation of tf.rawops.SpaceToBatchND in all backends such as XLA and handwritten kernels is vulnerable to an integer overflow: python import tensorflow as tf input = tf.constant-3.5e+35, shape=10,19,22, dtype=tf.float32 blockshape = tf.constant-1879048192, shape=2, dtype=tf.int64...

5.5CVSS6.3AI score0.00333EPSS
Exploits1References9Affected Software3
Prion
Prion
added 2022/05/20 11:15 p.m.13 views

Stack overflow

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.UnsortedSegmentJoin does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack. T...

2.1CVSS6.1AI score0.00346EPSS
Exploits1References9Affected Software1
Cvelist
Cvelist
added 2022/05/20 10:40 p.m.27 views

CVE-2022-29204 Missing validation causes denial of service in TensorFlow via `Conv3DBackpropFilterV2`

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.UnsortedSegmentJoin does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack. T...

5.5CVSS6AI score0.00346EPSS
Exploits1References9
Github Security Blog
Github Security Blog
added 2022/02/09 11:39 p.m.40 views

Integer overflows in Tensorflow

Impact The implementation of AddManySparseToTensorsMap is vulnerable to an integer overflow which results in a CHECK-fail when building new TensorShape objects so, an assert failure based denial of service: python import tensorflow as tf import numpy as np tf.rawops.AddManySparseToTensorsMap...

6.5CVSS2.3AI score0.008EPSS
Exploits1References8Affected Software3
Github Security Blog
Github Security Blog
added 2022/02/09 11:34 p.m.34 views

Integer Overflow or Wraparound in TensorFlow

Impact The Grappler component of TensorFlow is vulnerable to a denial of service via CHECK-failure assertion failure in constant folding: cc for const auto& outputprop : outputprops const PartialTensorShape outputshapeoutputprop.shape; // ... The outputprop tensor has a shape that is controlled b...

5.5CVSS4.1AI score0.00307EPSS
Exploits1References4Affected Software3
CVE
CVE
added 2022/02/03 12:47 p.m.115 views

CVE-2022-23569

TensorFlow/CVE-2022-23569: Denial‑of‑service via CHECK‑fails (assertion failures) across multiple ops in TensorFlow/TFLite, caused by invalid tensor shapes and related checks. Root cause: assertion failures in core paths; fixes released as patches implemented in GitHub commits. Remediation: upgra...

6.5CVSS6.5AI score0.00458EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/02/03 12:47 p.m.27 views

CVE-2022-23569 `CHECK`-fails when building invalid tensor shapes in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. Multiple operations in TensorFlow can be used to trigger a denial of service via CHECK-fails i.e., assertion failures. This is similar to TFSA-2021-198 and has similar fixes. We have patched the reported issues in multiple GitHub commits. I...

6.5CVSS6.6AI score0.00458EPSS
Exploits0References4
Rows per page
Query Builder