5616 matches found
`CHECK` fail via inputs in `SparseFillEmptyRowsGrad`
ImpactIf SparseFillEmptyRowsGrad is given empty inputs, TensorFlow will crash.pythonimport tensorflow as tftf.rawops.SparseFillEmptyRowsGrad reverseindexmap=, gradvalues=, name=None PatchesWe have patched the issue in GitHub commit af4a6a3c8b95022c351edae94560acc61253a1b8.The fix will be included...
Cross-site Scripting in kiwitcms
A stored XSS in a kiwi Test Plan can run malicious javascript which could be chained with an HTML injection to perform a UI redressing attack clickjacking and an HTML injection which disables the use of the history page...
`MirrorPadGrad` heap out of bounds read
ImpactIf MirrorPadGrad is given outsize input paddings, TensorFlow will give a heap OOB error.pythonimport tensorflow as tftf.rawops.MirrorPadGradinput=1, paddings=0x77f00000,0xa000000, mode = 'REFLECT' PatchesWe have patched the issue in GitHub commit 717ca98d8c3bba348ff62281fdf38dcb5ea1ec92.The...
`tf.raw_ops.Mfcc` crashes
ImpactIf ThreadUnsafeUnigramCandidateSampler is given input filterbankchannelcount greater than the allowed max size, TensorFlow will crash.pythonimport tensorflow as tftf.rawops.Mfcc spectrogram = 1.38, 6.32, 5.75, 9.51, samplerate = 2, upperfrequencylimit = 5.0, lowerfrequencylimit = 1.0,...
`CHECK` fail via inputs in `SdcaOptimizer`
ImpactInputs densefeatures or examplestatedata not of rank 2 will trigger a CHECK fail in SdcaOptimizer.pythonimport tensorflow as tftf.rawops.SdcaOptimizer sparseexampleindices=4 tf.random.uniform5,5,5,3, dtype=tf.dtypes.int64, maxval=100, sparsefeatureindices=4 tf.random.uniform5,5,5,3,...
`CHECK_EQ` fail via input in `SparseMatrixNNZ`
ImpactAn input sparsematrix that is not a matrix with a shape with rank 0 will trigger a CHECK fail in tf.rawops.SparseMatrixNNZ.pythonimport tensorflow as tftf.rawops.SparseMatrixNNZsparsematrix= PatchesWe have patched the issue in GitHub commit f856d02e5322821aad155dad9b3acab1e9f5d693.The fix...
Out of bounds write in grappler in Tensorflow
ImpactThe function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. PatchesWe have patched the issue in GitHub commit...
Heap overflow in `QuantizeAndDequantizeV2`
ImpactThe function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered.pythonimport tensorflow as [email protected] test:...
Segfault in `CompositeTensorVariantToComponents`
ImpactAn input encoded that is not a valid CompositeTensorVariant tensor will trigger a segfault in tf.rawops.CompositeTensorVariantToComponents.pythonimport tensorflow as tfencode = tf.rawops.EmptyTensorListelementdtype=tf.int32, elementshape=10, 15, maxnumelements=2meta=...
`CHECK_EQ` fail in `tf.raw_ops.TensorListResize`
ImpactIf tf.rawops.TensorListResize is given a nonscalar value for input size, it results CHECK fail which can be used to trigger a denial of service attack.pythonimport numpy as npimport tensorflow as tfa = datastructures.tftensorlistnewelements = tf.constantvalue=3, 4, 5b = np.zeros0, 2, 3,...
`CHECK` fail via inputs in `PyFunc`
ImpactAn input token that is not a UTF-8 bytestring will trigger a CHECK fail in tf.rawops.PyFunc.pythonimport tensorflow as tfvalue = tf.constantvalue=1,2token = b'\xb0'dataType = tf.int32tf.rawops.PyFuncinput=value,token=token,Tout=dataType PatchesWe have patched the issue in GitHub commit...
Overflow in `ResizeNearestNeighborGrad`
ImpactWhen tf.rawops.ResizeNearestNeighborGrad is given a large size input, it overflows.import tensorflow as tfaligncorners = Truehalfpixelcenters = Falsegrads = tf.constant1, shape=1,8,16,3, dtype=tf.float16size = tf.constant1879048192,1879048192, shape=2,...
Seg fault in `ndarray_tensor_bridge` due to zero and large inputs
ImpactIf a numpy array is created with a shape such that one element is zero and the others sum to a large number, an error will be raised. E.g. the following raises an error:pythonnp.ones0, 231, 231An example of a proof of concept:pythonimport numpy as npimport tensorflow as tfinputval =...
Lin CMS vulnerable to Improper Authentication
An authentication bypass in Lin-CMS v0.2.1 allows attackers to escalate privileges to Super Administrator...
Out of bounds segmentation fault due to unequal op inputs in Tensorflow
Impact tf.rawops.DynamicStitch specifies input sizes when it is registered. cppREGISTEROP"DynamicStitch" .Input"indices: N int32" .Input"data: N T" .Output"merged: T" .Attr"N : int = 1" .Attr"T : type" .SetShapeFnDynamicStitchShapeFunction;When it receives a differing number of inputs, such as wh...
Overflow in `ImageProjectiveTransformV2`
ImpactWhen tf.rawops.ImageProjectiveTransformV2 is given a large output shape, it overflows.pythonimport tensorflow as tfinterpolation = "BILINEAR"fillmode = "REFLECT"images = tf.constant0.184634328, shape=2,5,8,3, dtype=tf.float32transforms = tf.constant0.378575385, shape=2,8,...
Segfault in `tf.raw_ops.TensorListConcat`
ImpactIf tf.rawops.TensorListConcat is given elementshape=, it results segmentation fault which can be used to trigger a denial of service attack.pythonimport tensorflow as tftf.rawops.TensorListConcat inputhandle=tf.data.experimental.tovarianttf.data.Dataset.fromtensorslices1, 2, 3,...
Overflow in `FusedResizeAndPadConv2D`
ImpactWhen tf.rawops.FusedResizeAndPadConv2D is given a large tensor shape, it overflows.pythonimport tensorflow as tfmode = "REFLECT"strides = 1, 1, 1, 1padding = "SAME"resizealigncorners = Falseinput = tf.constant147, shape=3,3,1,1, dtype=tf.float16size = tf.constant1879048192,1879048192,...
`CHECK` fail in `BCast` overflow
ImpactIf BCast::ToShape is given input larger than an int32, it will crash, despite being supposed to handle up to an int64. An example can be seen in tf.experimental.numpy.outer by passing in large input to the input b.pythonimport tensorflow as tfvalue = tf.constantshape=2, 1024, 1024, 1024,...
Segfault via invalid attributes in `pywrap_tfe_src.cc`
ImpactIf a list of quantized tensors is assigned to an attribute, the pywrap code fails to parse the tensor and returns a nullptr, which is not caught. An example can be seen in tf.compat.v1.extractvolumepatches by passing in quantized tensors as input ksizes.pythonimport numpy as npimport...
FPE in `tf.image.generate_bounding_box_proposals`
ImpactWhen running on GPU, tf.image.generateboundingboxproposals receives a scores input that must be of rank 4 but is not checked.pythonimport tensorflow as tfa = tf.constantvalue=1.0, 1.0, 1.0, 1.0, 1.0, 1.0, 1.0, 1.0b =...
snowflake-connector-python is vulnerable to Regular Expression Denial of Service (ReDoS)
An exponential ReDoS Regular Expression Denial of Service can be triggered in the snowflake-connector-python PyPI package, when an attacker is able to supply arbitrary input to the getfiletransfertype method...
Overflow in `tf.keras.losses.poisson`
Impacttf.keras.losses.poisson receives a ypred and ytrue that are passed through functor::mul in BinaryOp. If the resulting dimensions overflow an int32, TensorFlow will crash due to a size mismatch during broadcast assignment.pythonimport numpy as npimport tensorflow as tftruevalue =...
pymatgen is vulnerable to Regular Expression Denial of Service (ReDoS)
An exponential ReDoS Regular Expression Denial of Service can be triggered in the pymatgen PyPI package, when an attacker is able to supply arbitrary input to the GaussianInput.fromstring method...
Apache Pulsar Disabled Certificate Validation for OAuth Client Credential Requests makes C++/Python Clients vulnerable to MITM attack
The Apache Pulsar C++ Client does not verify peer TLS certificates when making HTTPS calls for the OAuth2.0 Client Credential Flow, even when tlsAllowInsecureConnection is disabled via configuration. This vulnerability allows an attacker to perform a man in the middle attack and intercept and/or...
Inventree vulnerable to Stored Cross-site Scripting
Inventree prior to 0.8.3 is vulnerable to stored cross-site scripting by uploading SVG files. Version 0.8.3 contains a patch for this issue...
When matrix-nio receives forwarded room keys, the receiver doesn't check if it requested the key from the forwarder
When matrix-nio before 0.20 requests a room key from our devices, it correctly accepts key forwards only if they are a response to a previous request. However, it doesn't check that the device that responded matches the device the key was requested from.This allows a malicious homeserver to inser...
TensorFlow vulnerable to `CHECK` fail in `Save` and `SaveSlices`
ImpactIf Save or SaveSlices is run over tensors of an unsupported dtype, it results in a CHECK fail that can be used to trigger a denial of service attack.pythonimport tensorflow as tffilename = tf.constant""tensornames = tf.constant"" Savedata = tf.casttf.random.uniformshape=1, minval=-10000,...
TensorFlow vulnerable to `CHECK` fail in `ParameterizedTruncatedNormal`
ImpactParameterizedTruncatedNormal assumes shape is of type int32. A valid shape of type int64 results in a mismatched type CHECK fail that can be used to trigger a denial of service attack.pythonimport tensorflow as tfseed = 1618seed2 = 0shape = tf.random.uniformshape=3, minval=-10000,...
Flask-Security vulnerable to Open Redirect
This affects all versions of package Flask-Security. When using the getpostlogoutredirect and getpostloginredirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\\evil.com/path. This vulnerability is only...
Twisted vulnerable to NameVirtualHost Host header injection
When the host header does not match a configured host, twisted.web.vhost.NameVirtualHost will return a NoResource resource which renders the Host header unescaped into the 404 response allowing HTML and script injection.Example configuration:pythonfrom twisted.web.server import Sitefrom...
jwcrypto token substitution can lead to authentication bypass
The JWT code can auto-detect the type of token being provided, and this can lead the application to incorrect conclusions about the trustworthiness of the token.Quoting the private disclosure we received : "Under certain circumstances, it is possible to substitute a .. signed JWS with a JWE that ...
Powerline Gitstatus vulnerable to arbitrary code execution
powerline-gitstatus aka Powerline Gitstatus before 1.3.2 allows arbitrary code execution. git repositories can contain per-repository configuration that changes the behavior of git, including running arbitrary commands. When using powerline-gitstatus, changing to a directory automatically runs gi...
OpenStack Sushy-Tools and VirtualBMC Improper Preservation of Permissions
An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. NOTE: this only affects an "unsupported, production-like configuration."...
Ansible leaks password to logs
A flaw was found in Ansible in the amazon.aws collection when using the towercallback parameter from the amazon.aws.ec2instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs...
protobuf-cpp and protobuf-python have potential Denial of Service issue
SummaryA message parsing and memory management vulnerability in ProtocolBuffer’s C++ and Python implementations can trigger an out of memory OOM failure when processing a specially crafted message, which could lead to a denial of service DoS on services using the libraries.Reporter:...
TensorFlow vulnerable to segfault in `SparseBincount`
ImpactIf SparseBincount is given inputs for indices, values, and denseshape that do not make a valid sparse tensor, it results in a segfault that can be used to trigger a denial of service attack.pythonimport tensorflow as tfbinaryoutput = Trueindices = tf.random.uniformshape=, minval=-10000,...
TensorFlow vulnerable to `CHECK` fail in `tf.linalg.matrix_rank`
ImpactWhen tf.linalg.matrixrank receives an empty input a, the GPU kernel gives a CHECK fail that can be used to trigger a denial of service attack.pythonimport tensorflow as tfa = tf.constant, shape=0, 1, 1, dtype=tf.float32tf.linalg.matrixranka=a PatchesWe have patched the issue in GitHub commi...
TensorFlow vulnerable to `CHECK` fail in `MaxPool`
ImpactWhen MaxPool receives a window size input array ksize with dimensions greater than its input tensor input, the GPU kernel gives a CHECK fail that can be used to trigger a denial of service attack.pythonimport tensorflow as tfimport numpy as npinput = np.ones1, 1, 1, 1ksize = 1, 1, 2, 2strid...
TensorFlow vulnerable to `CHECK` fail in `Conv2DBackpropInput`
ImpactThe implementation of Conv2DBackpropInput requires inputsizes to be 4-dimensional. Otherwise, it gives a CHECK failure which can be used to trigger a denial of service attack:pythonimport tensorflow as tfstrides = 1, 1, 1, 1padding = "SAME"usecudnnongpu = Trueexplicitpaddings = dataformat =...
TensorFlow vulnerable to `CHECK` fail in `LRNGrad`
ImpactIf LRNGrad is given an outputimage input tensor that is not 4-D, it results in a CHECK fail that can be used to trigger a denial of service attack.pythonimport tensorflow as tfdepthradius = 1bias = 1.59018219alpha = 0.117728651beta = 0.404427052inputgrads = tf.random.uniformshape=4, 4, 4, 4...
TensorFlow vulnerable to segfault in `QuantizedAdd`
ImpactIf QuantizedAdd is given mininput or maxinput tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack.pythonimport tensorflow as tfToutput = tf.qint32x = tf.constant140, shape=1, dtype=tf.quint8y = tf.constant26, shape=10, dtype=tf.quint8mi...
TensorFlow vulnerable to `CHECK` fail in `FractionalMaxPoolGrad`
ImpactFractionalMaxPoolGrad validates its inputs with CHECK failures instead of with returning errors. If it gets incorrectly sized inputs, the CHECK failure can be used to trigger a denial of service attack:pythonimport tensorflow as tfoverlapping = Trueoriginput = tf.constant.453409232,...
TensorFlow vulnerable to segfault in `RaggedBincount`
ImpactIf RaggedBincount is given an empty input tensor splits, it results in a segfault that can be used to trigger a denial of service attack.pythonimport tensorflow as tfbinaryoutput = Truesplits = tf.random.uniformshape=0, minval=-10000, maxval=10000, dtype=tf.int64, seed=-7430values =...
TensorFlow vulnerable to segfault in `QuantizedBiasAdd`
ImpactIf QuantizedBiasAdd is given mininput, maxinput, minbias, maxbias tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack.pythonimport tensorflow as tfouttype = tf.qint32input = tf.constant85,170,255, shape=3, dtype=tf.quint8bias =...
TensorFlow vulnerable to `CHECK` fail in `FakeQuantWithMinMaxVars`
ImpactIf FakeQuantWithMinMaxVars is given min or max tensors of a nonzero rank, it results in a CHECK fail that can be used to trigger a denial of service attack.pythonimport tensorflow as tfnumbits = 8narrowrange = Falseinputs = tf.constant0, shape=2,3, dtype=tf.float32min = tf.constant0,...
TensorFlow vulnerable to `CHECK` failure in `TensorListReserve` via missing validation
ImpactIn core/kernels/listkernels.cc's TensorListReserve, numelements is assumed to be a tensor of size 1. When a numelements of more than 1 element is provided, then tf.rawops.TensorListReserve fails the CHECKEQ in CheckIsAlignedAndSingleElement.pythonimport tensorflow as...
TensorFlow vulnerable to `CHECK` failures in `AvgPool3DGrad`
ImpactThe implementation of AvgPool3DGradOp does not fully validate the input originputshape. This results in an overflow that results in a CHECK failure which can be used to trigger a denial of service attack:pythonimport tensorflow as tfksize = 1, 1, 1, 1, 1strides = 1, 1, 1, 1, 1padding =...
TensorFlow vulnerable to segfault in `QuantizedAvgPool`
ImpactIf QuantizedAvgPool is given mininput or maxinput tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack.pythonimport tensorflow as tfksize = 1, 2, 2, 1strides = 1, 2, 2, 1padding = "SAME"input = tf.constant1, shape=1,4,4,2,...
TensorFlow vulnerable to floating point exception in `Conv2D`
ImpactIf Conv2D is given empty input and the filter and padding sizes are valid, the output is all-zeros. This causes division-by-zero floating point exceptions that can be used to trigger a denial of service attack.pythonimport tensorflow as tfimport numpy as npwith tf.device"CPU": also can be...