Lucene search
K
GoogleTensorflow

431 matches found

CVE
CVE
added 2020/01/28 9:20 p.m.151 views

CVE-2020-5215

CVE-2020-5215 affects TensorFlow before 1.15.2 and 2.0.1, where converting a Python string to tf.float16 in eager mode can trigger a segmentation fault. The issue arises because format checks for this use case exist only in graph mode, potentially enabling denial of service during inference/train...

7.5CVSS5.8AI score0.00581EPSS
CVE
CVE
added 2022/05/20 9:20 p.m.151 views

CVE-2022-29193

TensorFlow CVE-2022-29193: Vulnerability due to incomplete validation in tf.raw_ops.TensorSummaryV2, causing a CHECK failure that can trigger a denial of service. Affected: TensorFlow versions prior to 2.9.0, 2.8.1, 2.7.2, and 2.6.4. Remediation: patch available and fixes included in TensorFlow 2...

5.5CVSS5.4AI score0.00317EPSS
CVE
CVE
added 2022/12/06 12:0 a.m.149 views

CVE-2022-41910

TensorFlow CVE-2022-41910 affects MakeGrapplerFunctionItem: if input sizes are >= output sizes, it triggers out-of-bounds memory reads or a crash. A fix was committed (a65411a1d69edfb16b25907ffb8f73556ce36bb7) and will be included in TensorFlow 2.11.0, with cherry-picks planned for 2.8.4, 2.9....

9.1CVSS6.8AI score0.00401EPSS
CVE
CVE
added 2021/08/12 11:5 p.m.147 views

CVE-2021-37678

CVE-2021-37678 affects TensorFlow (and Keras) where deserializing a Keras model from YAML can lead to arbitrary code execution due to use of yaml.unsafe_load. The issue is fixed in TensorFlow 2.6.0 and will be cherry-picked to 2.5.1, 2.4.3, and 2.3.4; patch deployment in affected releases is expe...

9.3CVSS8.9AI score0.00451EPSS
CVE
CVE
added 2022/02/03 2:30 p.m.146 views

CVE-2022-21740

CVE-2022-21740 concerns TensorFlow’s SparseCountSparseOutput, where the vulnerability is a heap-based overflow in that operation. The issue arises from improper bounds checking in the SparseCountSparseOutput path, enabling heap overflow and potential arbitrary-code execution on affected systems. ...

8.8CVSS8AI score0.00788EPSS
CVE
CVE
added 2020/12/10 10:10 p.m.142 views

CVE-2020-26268

CVE-2020-26268 affects TensorFlow: tf.raw_ops.ImmutableConst can crash Python when mapping a file to a non-integral tensor type, due to an allocator not returning an opaque handle. The issue may trigger a segmentation fault if the memory area is large enough; a check prevents the fault if the fil...

4.4CVSS4.9AI score0.00203EPSS
CVE
CVE
added 2022/02/04 10:32 p.m.140 views

CVE-2022-23571

CVE-2022-23571 concerns TensorFlow, where decoding a tensor from protobuf can trigger a invalid CHECK assertion when tensors have an invalid dtype with 0 elements or an invalid shape, enabling a denial-of-service in affected TF processes. Root cause: CHECK failure during tensor protobuf decoding....

6.5CVSS6.5AI score0.00469EPSS
CVE
CVE
added 2022/02/04 10:32 p.m.140 views

CVE-2022-23572

TensorFlow CVE-2022-23572 concerns a crash/denial of service caused by failure to specialize a type during shape inference. Root cause: DCHECK(ret.status()) is a no-op in production and asserts in debug builds, allowing execution to proceed to ValueOrDie with an error Status, causing an assertion...

6.5CVSS6.6AI score0.00992EPSS
CVE
CVE
added 2022/05/20 11:35 p.m.136 views

CVE-2022-29216

TensorFlow CVE-2022-29216 affects the saved_model_cli tool. Prior to 2.9.0 and backports to 2.8.1, 2.7.2, and 2.6.4, the tool allowed code injection via numpy expressions, potentially enabling a reverse shell. The issue stems from unsafe evaluation of input expressions; a patch removes the safe=F...

7.8CVSS7.8AI score0.00536EPSS
CVE
CVE
added 2022/02/04 10:32 p.m.134 views

CVE-2022-23557

TensorFlow/TFLite BiasAndClamp vulnerability: a crafted TFLite model can trigger a division by zero due to missing non-zero bias_size checks in BiasAndClamp. The issue affects TFLite in TensorFlow and will be fixed in TensorFlow 2.8.0, with cherry-picks planned for TensorFlow 2.7.1, 2.6.3, and 2....

6.5CVSS6.6AI score0.00757EPSS
CVE
CVE
added 2022/02/03 2:27 p.m.132 views

CVE-2022-21741

TensorFlow’s CVE-2022-21741 affects TFLite depthwise convolutions where a division by zero can occur due to user-controlled convolution parameters and no positivity check before division. The issue enables a potential denial of service via crafted models. The fix is planned for TensorFlow 2.8.0, ...

6.5CVSS6.5AI score0.00821EPSS
CVE
CVE
added 2022/05/20 10:55 p.m.131 views

CVE-2022-29202

TensorFlow tf.ragged.constant contains a lack of input validation that can lead to denial of service via memory exhaustion. Affected products/versions include TensorFlow prior to 2.9.0, 2.8.1, 2.7.2, and 2.6.4. The issue was patched in 2.9.0 and back-ported to the earlier supported branches (2.8....

5.5CVSS5.5AI score0.00316EPSS
CVE
CVE
added 2021/05/14 7:16 p.m.130 views

CVE-2021-29568

TensorFlow vulnerability CVE-2021-29568 arises from binding to a NULL pointer in tf.raw_ops.ParameterizedTruncatedNormal due to not validating the shape argument before accessing shape_tensor.flat(0). The issue can cause undefined behavior; the affected commits patch the input validation. A fix w...

7.8CVSS5.4AI score0.00197EPSS
CVE
CVE
added 2021/08/12 11:10 p.m.129 views

CVE-2021-37690

CVE-2021-37690 concerns a denial-of-service/segfault risk in TensorFlow’s shape inference, arising when shape information in a ShapeAndType struct is accessed after an inference context is cleaned up. The core issue was that shapes and types were not cloned under ownership like other outputs, lea...

6.6CVSS6.7AI score0.00163EPSS
CVE
CVE
added 2021/05/14 7:15 p.m.128 views

CVE-2021-29583

TensorFlow CVE-2021-29583 / GHSA-9XH4-23Q4-V6WR describe a heap buffer overflow and undefined behavior in tf.raw_ops.FusedBatchNorm when inputs like scale, offset, mean, or variance have mismatched shapes or are empty. Root cause: missing validation that these tensors match the number of channels...

7.8CVSS5.5AI score0.00211EPSS
CVE
CVE
added 2022/02/03 12:59 p.m.128 views

CVE-2022-21734

TensorFlow CVE-2022-21734: The MapStage kernel is vulnerable to a CHECK-fail when the key tensor is non-scalar, potentially allowing a denial of service. The reported fix is included in TensorFlow 2.8.0, with cherry-picks to 2.7.1, 2.6.3, and 2.5.3 for affected, supported releases. Recommend upgr...

6.5CVSS6.6AI score0.00783EPSS
CVE
CVE
added 2022/09/16 7:45 p.m.128 views

CVE-2022-35941

CVE-2022-35941 affects TensorFlow: AvgPoolOp accepts a positive ksize but does not validate it, enabling a potential crash via a negative ksize. The issue is fixed in commit 3a6ac52664c6c095aa2b114e742b0aa17fdce78f and will be included in TensorFlow 2.10.0; the patch will be cherry-picked for TF ...

7.5CVSS6.3AI score0.00562EPSS
CVE
CVE
added 2022/02/03 11:21 a.m.127 views

CVE-2022-21732

CVE-2022-21732 affects TensorFlow’s ThreadPoolHandle. The vulnerability stems from allowing an unbounded num_threads value (only checked to be non-negative), enabling memory exhaustion and a potential denial-of-service. A fix is available in TensorFlow 2.8.0, with cherry-picks to 2.7.1, 2.6.3 and...

6.5CVSS5.3AI score0.00765EPSS
CVE
CVE
added 2022/05/20 11:30 p.m.127 views

CVE-2022-29213

TensorFlow vulnerability CVE-2022-29213 arises from missing input validation in tf.compat.v1.signal.rfft2d and tf.compat.v1.signal.rfft3d, which can trigger CHECK failures and crashes under certain conditions. Public details cover affected TF releases: 2.6.4, 2.7.2, 2.8.1, and 2.9.0, with a patch...

5.5CVSS5.5AI score0.0031EPSS
CVE
CVE
added 2022/02/04 10:32 p.m.126 views

CVE-2022-23558

CVE-2022-23558 describes an integer overflow in TensorFlow’s TFLite path: TfLiteIntArrayCreate alloc_size is derived from TfLiteIntArrayGetSizeInBytes(size), which returns an int instead of a size_t, enabling an attacker-controlled input to overflow computed_size. Affected: TensorFlow/TFLite mode...

8.8CVSS8.2AI score0.00811EPSS
CVE
CVE
added 2022/02/04 10:32 p.m.126 views

CVE-2022-23591

TensorFlow’s GraphDef format allows self-recursive functions, which can cause a stack overflow when loading a SavedModel. Multiple sources (CVE-2022-23591 and related OSV/GHSA entries) describe the underlying issue as a self-recursive function in GraphDef leading to unbounded resolution of NodeDe...

7.5CVSS7.7AI score0.00789EPSS
CVE
CVE
added 2022/02/03 12:53 p.m.125 views

CVE-2022-21735

TensorFlow vulnerability CVE-2022-21735 involves the FractionalMaxPool implementation where a division-by-zero can crash the TensorFlow process. The issue is documented across multiple sources, noting the root cause in FractionalMaxPool and that a patch fixes it in TensorFlow 2.8.0, with cherry-p...

6.5CVSS6.5AI score0.00783EPSS
CVE
CVE
added 2022/05/20 9:40 p.m.125 views

CVE-2022-29199

TensorFlow vulnerability CVE-2022-29199 affects tf.raw_ops.LoadAndRemapMatrix. The issue arises from incomplete validation of input arguments, where the code assumes initializing_values is a vector but does not validate it before access, leading to a CHECK failure that can trigger a denial of ser...

5.5CVSS5.5AI score0.00317EPSS
CVE
CVE
added 2022/05/20 11:0 p.m.125 views

CVE-2022-29201

TensorFlow CVE-2022-29201 concerns a missing input validation in tf.raw_ops.QuantizedConv2D that can bind references to nullptr when arguments are empty. Affected versions include 2.6.4, 2.7.2, 2.8.1, and 2.9.0. Patches exist in 2.9.0 and are cherrypicked to the older supported branches (2.8.1, 2...

5.5CVSS5.5AI score0.00332EPSS
CVE
CVE
added 2022/09/16 10:15 p.m.124 views

CVE-2022-35999

TensorFlow CVE-2022-35999 affects Conv2DBackpropInput: when out_backprop is empty (example [3,1,0,1]), CPU/GPU kernels fail CHECKs, enabling potential denial of service. A patch was committed (27a65a43cf763897fecfa5cdb5cc653fc5dd0346) and will be included in TensorFlow 2.10.0; the patch will also...

7.5CVSS6.4AI score0.00396EPSS
CVE
CVE
added 2022/02/04 10:32 p.m.123 views

CVE-2022-23576

CVE-2022-23576 describes an integer overflow in TensorFlow’s OpLevelCostEstimator::CalculateOutputSize, triggered when computing the product of output_shape.dim() elements for large tensor sizes. The vulnerability could allow overflow of the computed output size, potentially impacting stability o...

6.5CVSS6.7AI score0.00783EPSS
CVE
CVE
added 2022/02/04 10:32 p.m.123 views

CVE-2022-23587

CVE-2022-23587 concerns TensorFlow, specifically the Grappler cost-estimator path. The vulnerability is an integer overflow in the cost estimation for crop and resize within Grappler, triggered by user-controlled cropping parameters, which can lead to undefined behavior. The patch is committed (c...

9.8CVSS9.2AI score0.00888EPSS
CVE
CVE
added 2022/05/20 11:25 p.m.123 views

CVE-2022-29209

TensorFlow has a documented vulnerability (CVE-2022-29209) due to incorrect logic when comparing size_t and int in assertion macros. Affected versions prior to 2.9.0, 2.8.1, 2.7.2, and 2.6.4 may trigger the issue; a patch is included in 2.9.0 and is backported to 2.8.1, 2.7.2, and 2.6.4. Impact r...

5.5CVSS5.5AI score0.00385EPSS
CVE
CVE
added 2022/09/16 10:55 p.m.123 views

CVE-2022-36015

TensorFlow CVE-2022-36015 describes an integer overflow in RangeSize: if the range value cannot fit in int64_t, the operation crashes. The issue is fixed in commit 37e64539cd29fcfb814c4451152a60f5d107b0f0 and will be included in TensorFlow 2.10.0; it will also be cherry-picked to TensorFlow 2.9.1...

7.5CVSS6.5AI score0.00547EPSS
CVE
CVE
added 2021/05/14 7:11 p.m.122 views

CVE-2021-29543

CVE-2021-29543 affects TensorFlow’s CTCGreedyDecoder with a CHECK_LT invariant in tf.raw_ops.CTCGreedyDecoder that can trigger a denial-of-service via abnormal termination. Connected sources provide concrete technical details: the issue resides in TensorFlow core/kernels/ctc_decoder_ops.cc lines ...

5.5CVSS4.6AI score0.00189EPSS
CVE
CVE
added 2021/08/12 10:30 p.m.122 views

CVE-2021-37668

CVE-2021-37668 affects TensorFlow, specifically the tf.raw_ops.UnravelIndex path. The vulnerability arises when dims is empty and an element of dims is 0, leading to an division-by-zero in the implementation and enabling a denial-of-service in model-serving applications. The issue was patched in ...

5.5CVSS5.6AI score0.00154EPSS
CVE
CVE
added 2022/02/03 1:13 p.m.122 views

CVE-2022-21739

TensorFlow’s QuantizedMaxPool has an undefined behavior that can trigger a reference binding to a null pointer when handling user-controlled inputs. The patch is planned for TensorFlow 2.8.0, with cherry-picks to 2.7.1, 2.6.3, and 2.5.3 (still in supported range). Remediation: upgrade to TensorFl...

6.5CVSS6.6AI score0.00783EPSS
CVE
CVE
added 2022/02/04 10:32 p.m.122 views

CVE-2022-23559

TensorFlow/TensorFlow Lite contains an integer overflow in embedding_lookup_sparse within TFLite. The vulnerability arises because embedding_size and lookup_size are computed as products of user-supplied values, enabling overflow during multiplication and potentially leading to a heap-based out-o...

8.8CVSS8.7AI score0.01173EPSS
CVE
CVE
added 2022/02/04 10:32 p.m.122 views

CVE-2022-23583

TensorFlow vulnerability CVE-2022-23583: a type confusion caused by modifying the SavedModel’s tensor protobufs can let a remote attacker trigger CHECK failures in templated binary operators, leading to a denial of service. Affected: various TF releases up to 2.8.x (and cherry-picks on 2.7.1, 2.6...

6.5CVSS6.4AI score0.00872EPSS
CVE
CVE
added 2022/05/20 9:55 p.m.121 views

CVE-2022-29197

CVE-2022-29197 concerns TensorFlow UnsortedSegmentJoin with incomplete input validation that can trigger a denial of service via a CHECK failure when num_segments is not properly validated. Affected releases include TensorFlow versions prior to 2.9.0, 2.8.1, 2.7.2, and 2.6.4. The issue has been a...

5.5CVSS5.5AI score0.00317EPSS
CVE
CVE
added 2022/09/16 9:45 p.m.121 views

CVE-2022-35986

TensorFlow vulnerability CVE-2022-35986 affects RaggedBincount: if an empty input tensor for splits is provided, a segfault can trigger a denial of service. The issue is fixed via GitHub commit 7a4591fd4f065f4fa903593bc39b2f79530a74b8, with the fix slated for TensorFlow 2.10.0 and cherry-picked b...

7.5CVSS6.4AI score0.00423EPSS
CVE
CVE
added 2022/02/04 10:32 p.m.120 views

CVE-2022-23565

CVE-2022-23565 : TensorFlow contains a denial-of-service risk caused by an assertion failure when a SavedModel on disk has duplicated AttrDef entries for an operation. The issue’s root cause is described across connected sources as a SavedModel mismatch that can trigger a crash under certain on-d...

6.5CVSS6.5AI score0.00469EPSS
CVE
CVE
added 2022/02/04 10:32 p.m.120 views

CVE-2022-23579

CVE-2022-23579 affects TensorFlow: the Grappler optimizer can cause a denial of service by altering a SavedModel to trigger CHECK failures in SafeToRemoveIdentity. The issue is linked to the Grappler dependency optimizer logic and manifests as a DoS condition. The fix is planned for TensorFlow 2....

6.5CVSS6.4AI score0.00821EPSS
CVE
CVE
added 2021/05/14 7:21 p.m.119 views

CVE-2021-29597

TensorFlow/TFLite SpaceToBatchNd is vulnerable to a division-by-zero error when a dimension of the block input is 0, enabling crafted inputs to trigger a fault in the operator. Affected: TensorFlow’s SpaceToBatchNd (TFLite kernel). Root cause: division by zero in the SpaceToBatchNd kernel when fi...

7.8CVSS5.4AI score0.00201EPSS
CVE
CVE
added 2022/02/03 10:55 a.m.119 views

CVE-2022-21728

CVE-2022-21728 affects TensorFlow: ReverseSequence shape-inference can yield a heap-based out-of-bounds read because batch_dim is checked for being too large but not for negative values. The mitigation path is a forthcoming fix in TensorFlow 2.8.0, with cherry-picks into 2.7.1, 2.6.3, and 2.5.3. ...

8.1CVSS8AI score0.01125EPSS
CVE
CVE
added 2022/02/04 10:32 p.m.118 views

CVE-2022-23586

TensorFlow vulnerability CVE-2022-23586 affects the SavedModel path via assertions in function.cc, enabling denial of service by a malicious SavedModel that crashes the Python interpreter. Root cause is CHECK/assertion failures in function.cc when a SavedModel is altered. Affected releases map to...

6.5CVSS6.4AI score0.008EPSS
CVE
CVE
added 2022/05/20 8:50 p.m.118 views

CVE-2022-29191

CVE-2022-29191 affects TensorFlow: the implementation of tf.raw_ops.GetSessionTensor does not fully validate input arguments, causing a CHECK failure and enabling a denial of service on a local attacker. Affected versions are prior to 2.9.0, 2.8.1, 2.7.2, and 2.6.4; a patch is included in those v...

5.5CVSS5.4AI score0.0035EPSS
CVE
CVE
added 2022/11/18 12:0 a.m.118 views

CVE-2022-41909

CVE-2022-41909 affects TensorFlow: an input encoded that is not a valid CompositeTensorVariant can cause a segfault in tf.raw_ops.CompositeTensorVariantToComponents. Patches are in commits bf594d08d... and 660ce5a89e..., with the fix slated for TensorFlow 2.11 and cherry-picked to 2.10.1, 2.9.3, ...

7.5CVSS6.2AI score0.0049EPSS
CVE
CVE
added 2022/02/04 10:32 p.m.117 views

CVE-2022-23577

CVE-2022-23577 : TensorFlow contains a null-pointer dereference in GetInitOp that can crash. The issue is documented with a fix in TensorFlow 2.8.0 and cherry-picks to 2.7.1, 2.6.3, and 2.5.3. Affected lines and patch are described in linked advisories (GitHub commit 4f38b1ac…, security advisorie...

6.5CVSS6.5AI score0.00783EPSS
CVE
CVE
added 2022/02/04 10:32 p.m.116 views

CVE-2022-23574

CVE-2022-23574 affects TensorFlow. A typo in SpecializeType leads to a heap out-of-bounds read/write by initializing arg to the i-th mutable argument in a loop, enabling writes/read beyond bounds. The issue is fixed in TensorFlow 2.8.0, with cherry-picks for TensorFlow 2.7.1 and 2.6.3. Affected r...

8.8CVSS8.6AI score0.00837EPSS
CVE
CVE
added 2022/05/20 10:15 p.m.116 views

CVE-2022-29206

CVE-2022-29206 involves TensorFlow’s tf.raw_ops.SparseTensorDenseAdd, where input argument validation is insufficient, causing a reference to a nullptr during kernel execution and resulting in undefined behavior. Affected releases include TensorFlow versions prior to 2.9.0, and also 2.8.1, 2.7.2,...

5.5CVSS5.5AI score0.00338EPSS
CVE
CVE
added 2021/05/14 7:12 p.m.115 views

CVE-2021-29531

CVE-2021-29531 affects TensorFlow and relates to a denial-of-service risk in PNG encoding when an attacker supplies an empty input tensor for pixel data. The issue stems from encode_png_op.cc validating only total pixel count and passing image data to png::WriteImageToBuffer, which calls CHECK_NO...

5.5CVSS4.8AI score0.00189EPSS
CVE
CVE
added 2021/08/12 10:20 p.m.115 views

CVE-2021-37679

TensorFlow CVE-2021-37679 concerns a vulnerability in nested tf.map_fn with RaggedTensor inputs. The root cause is in the conversion from a Variant tensor to a RaggedTensor: the implementation does not verify that all inner shapes match, which can produce extra dimensions and allow leakage of hea...

7.8CVSS7.3AI score0.00181EPSS
CVE
CVE
added 2021/05/14 7:11 p.m.114 views

CVE-2021-29545

CVE-2021-29545 concerns TensorFlow and describes a heap-based out-of-bounds issue in SparseTensorToCSRSparseMatrix caused by a double redirection when accessing csr_row_ptr via indices(i, 0) + 1. This can lead to a denial of service by writing outside heap data. The connected OSV/GHSA entries con...

5.5CVSS4.7AI score0.00189EPSS
CVE
CVE
added 2021/08/12 10:55 p.m.114 views

CVE-2021-37673

TensorFlow maps-stage DoS (CVE-2021-37673). The issue arises from tf.raw_ops.MapStage not validating non-empty key tensors, enabling a local attacker to trigger a denial-of-service via a CHECK-fail. Patches were committed and the fix is expected in TensorFlow 2.6.0, with backports to 2.5.1, 2.4.3...

5.5CVSS5.5AI score0.00154EPSS
Total number of security vulnerabilities431