7035 matches found
TensorFlow vulnerable to integer overflow in math ops
ImpactWhen RangeSize receives values that do not fit into an int64t, it crashes.cpp auto size = std::isintegral::value ? Eigen::numext::abslimit - start + Eigen::numext::absdelta - T1 / Eigen::numext::absdelta : Eigen::numext::ceil Eigen::numext::abslimit - start / delta; // This check does not...
TensorFlow vulnerable to `CHECK`-fail in `tensorflow::full_type::SubstituteFromAttrs`
ImpactWhen tensorflow::fulltype::SubstituteFromAttrs receives a FullTypeDef& t that is not exactly three args, it triggers a CHECK-fail instead of returning a status.cppStatus SubstituteForEachAttrMap& attrs, FullTypeDef& t DCHECKEQt.argssize, 3; const auto& cont = t.args0; const auto& tmpl =...
TensorFlow vulnerable to integer overflow in math ops
ImpactWhen RangeSize receives values that do not fit into an int64t, it crashes.cpp auto size = std::isintegral::value ? Eigen::numext::abslimit - start + Eigen::numext::absdelta - T1 / Eigen::numext::absdelta : Eigen::numext::ceil Eigen::numext::abslimit - start / delta; // This check does not...
TensorFlow vulnerable to assertion fail on MLIR empty edge names
ImpactWhen mlir::tfg::ConvertGenericFunctionToFunctionDef is given empty function attributes, it crashes.cpp// We pre-allocate the array of operands and populate it using the// outputnametoposition and controloutputtoposition populated// previously.SmallVector retvalsfunc.retsize +...
TensorFlow vulnerable to `CHECK` fail in `DenseBincount`
ImpactDenseBincount assumes its input tensor weights to either have the same shape as its input tensor input or to be length-0. A different weights shape will trigger a CHECK fail that can be used to trigger a denial of service attack.pythonimport tensorflow as tfbinaryoutput = Trueinput =...
TensorFlow vulnerable to null-dereference in `mlir::tfg::TFOp::nameAttr`
ImpactWhen mlir::tfg::TFOp::nameAttr receives null type list attributes, it crashes.cppStatusOr GraphDefImporter::ArgNumTypeconst NamedAttrList , const OpDef::ArgDef def, SmallVectorImpl // Check whether a type list attribute is specified. if !argdef.typelistattr.empty if auto v =...
TensorFlow vulnerable to `CHECK` fail in `RaggedTensorToVariant`
ImpactIf RaggedTensorToVariant is given a rtnestedsplits list that contains tensors of ranks other than one, it results in a CHECK fail that can be used to trigger a denial of service attack.pythonimport tensorflow as tfbatchedinput = Truertnestedsplits = tf.constant0,32,64, shape=3,...
TensorFlow vulnerable to `CHECK` failure in `AvgPoolOp`
ImpactThe AvgPoolOp function takes an argument ksize that must be positive but is not checked. A negative ksize can trigger a CHECK failure and crash the program.pythonimport tensorflow as tfimport numpy as npvalue = np.ones1, 1, 1, 1ksize = 1, 1e20, 1, 1strides = 1, 1, 1, 1padding =...
TensorFlow segfault TFLite converter on per-channel quantized transposed convolutions
ImpactWhen converting transposed convolutions using per-channel weight quantization the converter segfaults and crashes the Python process.pythonimport tensorflow as tfclass QuantConv2DTransposedtf.keras.layers.Layer: def buildself, inputshape: self.kernel = self.addweight"kernel", 3, 3,...
TensorFlow vulnerable to `CHECK` failure in `AvgPoolOp`
ImpactThe AvgPoolOp function takes an argument ksize that must be positive but is not checked. A negative ksize can trigger a CHECK failure and crash the program.pythonimport tensorflow as tfimport numpy as npvalue = np.ones1, 1, 1, 1ksize = 1, 1e20, 1, 1strides = 1, 1, 1, 1padding =...
TensorFlow vulnerable to `CHECK` fail in `FakeQuantWithMinMaxVarsPerChannel`
ImpactIf FakeQuantWithMinMaxVarsPerChannel is given min or max tensors of a rank other than one, it results in a CHECK fail that can be used to trigger a denial of service attack.pythonimport tensorflow as tfnumbits = 8narrowrange = Falseinputs = tf.constant0, shape=4, dtype=tf.float32min =...
TensorFlow vulnerable to `CHECK` fail in `RaggedTensorToVariant`
ImpactIf RaggedTensorToVariant is given a rtnestedsplits list that contains tensors of ranks other than one, it results in a CHECK fail that can be used to trigger a denial of service attack.pythonimport tensorflow as tfbatchedinput = Truertnestedsplits = tf.constant0,32,64, shape=3,...
TensorFlow vulnerable to `CHECK` fail in `QuantizeAndDequantizeV3`
ImpactIf QuantizeAndDequantizeV3 is given a nonscalar numbits input tensor, it results in a CHECK fail that can be used to trigger a denial of service attack.pythonimport tensorflow as tfsignedinput = Truerangegiven = Falsenarrowrange = Falseaxis = -1input = tf.constant-3.5, shape=1,...
TensorFlow vulnerable to `CHECK` fail in `QuantizeAndDequantizeV3`
ImpactIf QuantizeAndDequantizeV3 is given a nonscalar numbits input tensor, it results in a CHECK fail that can be used to trigger a denial of service attack.pythonimport tensorflow as tfsignedinput = Truerangegiven = Falsenarrowrange = Falseaxis = -1input = tf.constant-3.5, shape=1,...
TensorFlow vulnerable to `CHECK` fail in `FakeQuantWithMinMaxVarsPerChannel`
ImpactIf FakeQuantWithMinMaxVarsPerChannel is given min or max tensors of a rank other than one, it results in a CHECK fail that can be used to trigger a denial of service attack.pythonimport tensorflow as tfnumbits = 8narrowrange = Falseinputs = tf.constant0, shape=4, dtype=tf.float32min =...
TensorFlow segfault TFLite converter on per-channel quantized transposed convolutions
ImpactWhen converting transposed convolutions using per-channel weight quantization the converter segfaults and crashes the Python process.pythonimport tensorflow as tfclass QuantConv2DTransposedtf.keras.layers.Layer: def buildself, inputshape: self.kernel = self.addweight"kernel", 3, 3,...
PYSEC-2026-3442
Authenticated SSRF in Gravitino JobManager allows server-side HTTP requests to internal network and cloud metadata endpoints via unvalidated job template URIs. A vulnerability in Apache Gravitino.This issue affects Apache Gravitino: from 1.0.0 through 1.2.1.Users are recommended to upgrade to...
PYSEC-2026-3441
URL path injection via unencoded user-supplied identifiers vulnerability in Apache Gravitino.This issue affects Apache Gravitino: from 1.0.0 before 1.2.1.Users are recommended to upgrade to version 1.2.1, which fixes the issue...
PYSEC-2026-3443
Crawl4AI before 0.8.7 contains a server-side request forgery SSRF vulnerability in the Docker API server's /crawl/job and /llm/job endpoints, which accept webhook URLs without destination validation. An attacker can supply webhook URLs pointing to private or internal IP ranges, Docker networks, o...
TensorFlow vulnerable to OOB write in `scatter_nd` in TF Lite
ImpactThe ScatterNd function takes an input argument that determines the indices of of the output tensor. An input index greater than the output tensor or less than zero will either write content at the wrong index or trigger a crash. PatchesWe have patched the issue in GitHub commit...
TensorFlow vulnerable to `CHECK` failure in tf.reshape via overflows
ImpactThe implementation of tf.reshape op in TensorFlow is vulnerable to a denial of service via CHECK-failure assertion failure caused by overflowing the number of elements in a tensor:pythonimport tensorflow as tftf.reshapetensor=1,shape=tf.constant0 for i in range255, dtype=tf.int64This is...
TensorFlow vulnerable to `CHECK` fail in `tf.sparse.cross`
ImpactIf tf.sparse.cross receives an input separator that is not a scalar, it gives a CHECK fail that can be used to trigger a denial of service attack.pythonimport tensorflow as tftf.sparse.crossinputs=,name='a',separator=tf.constant'a', 'b',dtype=tf.string PatchesWe have patched the issue in...
TensorFlow vulnerable to `CHECK` fail in `tf.sparse.cross`
ImpactIf tf.sparse.cross receives an input separator that is not a scalar, it gives a CHECK fail that can be used to trigger a denial of service attack.pythonimport tensorflow as tftf.sparse.crossinputs=,name='a',separator=tf.constant'a', 'b',dtype=tf.string PatchesWe have patched the issue in...
TensorFlow vulnerable to OOB read in `Gather_nd` in TF Lite
ImpactThe GatherNd function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read is triggered. PatchesWe have patched the issue in GitHub commit...
TensorFlow vulnerable to OOB read in `Gather_nd` in TF Lite
ImpactThe GatherNd function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read is triggered. PatchesWe have patched the issue in GitHub commit...
TensorFlow vulnerable to `CHECK` failure in tf.reshape via overflows
ImpactThe implementation of tf.reshape op in TensorFlow is vulnerable to a denial of service via CHECK-failure assertion failure caused by overflowing the number of elements in a tensor:pythonimport tensorflow as tftf.reshapetensor=1,shape=tf.constant0 for i in range255, dtype=tf.int64This is...
TensorFlow vulnerable to `CHECK` failure in `SobolSample` via missing validation
ImpactThe implementation of SobolSampleOp is vulnerable to a denial of service via CHECK-failure assertion failure caused by assuming input0, input1, and input2 to be scalar.pythonimport tensorflow as tftf.rawops.SobolSampledim=tf.constant1,0, numresults=tf.constant1, skip=tf.constant1 PatchesWe...
TensorFlow vulnerable to `CHECK` failure in `SobolSample` via missing validation
ImpactThe implementation of SobolSampleOp is vulnerable to a denial of service via CHECK-failure assertion failure caused by assuming input0, input1, and input2 to be scalar.pythonimport tensorflow as tftf.rawops.SobolSampledim=tf.constant1,0, numresults=tf.constant1, skip=tf.constant1 PatchesWe...
TensorFlow vulnerable to OOB write in `scatter_nd` in TF Lite
ImpactThe ScatterNd function takes an input argument that determines the indices of of the output tensor. An input index greater than the output tensor or less than zero will either write content at the wrong index or trigger a crash. PatchesWe have patched the issue in GitHub commit...
TensorFlow vulnerable to `CHECK` fail in `Conv2DBackpropInput`
ImpactWhen Conv2DBackpropInput receives empty outbackprop inputs e.g. 3, 1, 0, 1, the current CPU/GPU kernels CHECK fail one with dnnl, the other with cudnn. This can be used to trigger a denial of service attack.pythonimport tensorflow as tfimport numpy as npinputsizes = 3, 1, 1, 2filter =...
Incomplete validation in signal ops leads to crashes in TensorFlow
ImpactThe tf.compat.v1.signal.rfft2d and tf.compat.v1.signal.rfft3d lack input validation and under certain condition can result in crashes due to CHECK-failures. Patches We have patched the issue in GitHub commit 0a8a781e597b18ead006d19b7d23d0a369e9ad73 merging GitHub PR 55274.The fix will be...
Code injection in `saved_model_cli` in TensorFlow
ImpactTensorFlow's savedmodelcli tool is vulnerable to a code injection:savedmodelcli run --inputexprs 'x=print"malicious code to run"' --dir ./--tagset serve --signaturedef servingdefaultThis can be used to open a reverse shell savedmodelcli run --inputexprs 'hello=exec"""\nimport...
Code injection in `saved_model_cli` in TensorFlow
ImpactTensorFlow's savedmodelcli tool is vulnerable to a code injection:savedmodelcli run --inputexprs 'x=print"malicious code to run"' --dir ./--tagset serve --signaturedef servingdefaultThis can be used to open a reverse shell savedmodelcli run --inputexprs 'hello=exec"""\nimport...
Microsoft: CBC Padding Oracle in Azure Blob Storage Encryption Library
SummaryThe Azure Storage Encryption library in Java and other languages is vulnerable to a CBC Padding Oracle attack, similar to CVE-2020-8911. The library is not vulnerable to the equivalent of CVE-2020-8912, but only because it currently only supports AES-CBC as encryption mode. SeverityModerat...
Core dump when loading TFLite models with quantization in TensorFlow
ImpactCertain TFLite models that were created using TFLite model converter would crash when loaded in the TFLite interpreter. The culprit is that during quantization the scale of values could be greater than 1 but code was always assuming sub-unit scaling.Thus, since code was calling...
Incomplete validation in signal ops leads to crashes in TensorFlow
ImpactThe tf.compat.v1.signal.rfft2d and tf.compat.v1.signal.rfft3d lack input validation and under certain condition can result in crashes due to CHECK-failures. Patches We have patched the issue in GitHub commit 0a8a781e597b18ead006d19b7d23d0a369e9ad73 merging GitHub PR 55274.The fix will be...
Core dump when loading TFLite models with quantization in TensorFlow
ImpactCertain TFLite models that were created using TFLite model converter would crash when loaded in the TFLite interpreter. The culprit is that during quantization the scale of values could be greater than 1 but code was always assuming sub-unit scaling.Thus, since code was calling...
TensorFlow vulnerable to `CHECK` fail in `Conv2DBackpropInput`
ImpactWhen Conv2DBackpropInput receives empty outbackprop inputs e.g. 3, 1, 0, 1, the current CPU/GPU kernels CHECK fail one with dnnl, the other with cudnn. This can be used to trigger a denial of service attack.pythonimport tensorflow as tfimport numpy as npinputsizes = 3, 1, 1, 2filter =...
Uncontrolled Resource Consumption in asyncua and opcua
All versions of package opcua; all versions of package asyncua are vulnerable to Denial of Service DoS due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited numb...
Heap buffer overflow due to incorrect hash function in TensorFlow
ImpactThe TensorKey hash function used total estimated AllocatedBytes, which a is an estimate per tensor, and b is a very poor hash function for constants e.g. int32t. It also tried to access individual tensor bytes through tensor.data of size AllocatedBytes. This led to ASAN failures because the...
Heap buffer overflow due to incorrect hash function in TensorFlow
ImpactThe TensorKey hash function used total estimated AllocatedBytes, which a is an estimate per tensor, and b is a very poor hash function for constants e.g. int32t. It also tried to access individual tensor bytes through tensor.data of size AllocatedBytes. This led to ASAN failures because the...
Segfault and OOB write due to incomplete validation in `EditDistance` in TensorFlow
ImpactThe implementation of tf.rawops.EditDistance has incomplete validation. Users can pass negative values to cause a segmentation fault based denial of service:pythonimport tensorflow as tfhypothesisindices = tf.constant-1250999896764, shape=3, 3, dtype=tf.int64 hypothesisvalues = tf.constant0...
Missing validation results in undefined behavior in `SparseTensorDenseAdd
ImpactThe implementation of tf.rawops.SparseTensorDenseAdd does not fully validate the input arguments:pythonimport tensorflow as tfaindices = tf.constant0, shape=17, 2, dtype=tf.int64avalues = tf.constant, shape=0, dtype=tf.float32ashape = tf.constant6, 12, shape=2, dtype=tf.int64b =...
Undefined behavior when users supply invalid resource handles
ImpactMultiple TensorFlow operations misbehave in eager mode when the resource handle provided to them is invalid:pythonimport tensorflow as tftf.rawops.QueueIsClosedV2handle=pythonimport tensorflow as tftf.summary.flushwriter= In graph mode, it would have been impossible to perform these API...
Segfault and OOB write due to incomplete validation in `EditDistance` in TensorFlow
ImpactThe implementation of tf.rawops.EditDistance has incomplete validation. Users can pass negative values to cause a segmentation fault based denial of service:pythonimport tensorflow as tfhypothesisindices = tf.constant-1250999896764, shape=3, 3, dtype=tf.int64 hypothesisvalues = tf.constant0...
Undefined behavior when users supply invalid resource handles
ImpactMultiple TensorFlow operations misbehave in eager mode when the resource handle provided to them is invalid:pythonimport tensorflow as tftf.rawops.QueueIsClosedV2handle=pythonimport tensorflow as tftf.summary.flushwriter= In graph mode, it would have been impossible to perform these API...
Type confusion leading to `CHECK`-failure based denial of service in TensorFlow
ImpactThe macros that TensorFlow uses for writing assertions e.g., CHECKLT, CHECKGT, etc. have an incorrect logic when comparing sizet and int values. Due to type conversion rules, several of the macros would trigger incorrectly. PatchesWe have patched the issue in GitHub commit...
Segfault if `tf.histogram_fixed_width` is called with NaN values in TensorFlow
ImpactThe implementation of tf.histogramfixedwidth is vulnerable to a crash when the values array contain NaN elements:pythonimport tensorflow as tfimport numpy as nptf.histogramfixedwidthvalues=np.nan, valuerange=1,2The implementation assumes that all floating point operations are defined and th...
Type confusion leading to `CHECK`-failure based denial of service in TensorFlow
ImpactThe macros that TensorFlow uses for writing assertions e.g., CHECKLT, CHECKGT, etc. have an incorrect logic when comparing sizet and int values. Due to type conversion rules, several of the macros would trigger incorrectly. PatchesWe have patched the issue in GitHub commit...
Segfault if `tf.histogram_fixed_width` is called with NaN values in TensorFlow
ImpactThe implementation of tf.histogramfixedwidth is vulnerable to a crash when the values array contain NaN elements:pythonimport tensorflow as tfimport numpy as nptf.histogramfixedwidthvalues=np.nan, valuerange=1,2The implementation assumes that all floating point operations are defined and th...