431 matches found
CVE-2020-5215
CVE-2020-5215 affects TensorFlow before 1.15.2 and 2.0.1, where converting a Python string to tf.float16 in eager mode can trigger a segmentation fault. The issue arises because format checks for this use case exist only in graph mode, potentially enabling denial of service during inference/train...
CVE-2022-29193
TensorFlow CVE-2022-29193: Vulnerability due to incomplete validation in tf.raw_ops.TensorSummaryV2, causing a CHECK failure that can trigger a denial of service. Affected: TensorFlow versions prior to 2.9.0, 2.8.1, 2.7.2, and 2.6.4. Remediation: patch available and fixes included in TensorFlow 2...
CVE-2022-41910
TensorFlow CVE-2022-41910 affects MakeGrapplerFunctionItem: if input sizes are >= output sizes, it triggers out-of-bounds memory reads or a crash. A fix was committed (a65411a1d69edfb16b25907ffb8f73556ce36bb7) and will be included in TensorFlow 2.11.0, with cherry-picks planned for 2.8.4, 2.9....
CVE-2021-37678
CVE-2021-37678 affects TensorFlow (and Keras) where deserializing a Keras model from YAML can lead to arbitrary code execution due to use of yaml.unsafe_load. The issue is fixed in TensorFlow 2.6.0 and will be cherry-picked to 2.5.1, 2.4.3, and 2.3.4; patch deployment in affected releases is expe...
CVE-2022-21740
CVE-2022-21740 concerns TensorFlow’s SparseCountSparseOutput, where the vulnerability is a heap-based overflow in that operation. The issue arises from improper bounds checking in the SparseCountSparseOutput path, enabling heap overflow and potential arbitrary-code execution on affected systems. ...
CVE-2020-26268
CVE-2020-26268 affects TensorFlow: tf.raw_ops.ImmutableConst can crash Python when mapping a file to a non-integral tensor type, due to an allocator not returning an opaque handle. The issue may trigger a segmentation fault if the memory area is large enough; a check prevents the fault if the fil...
CVE-2022-23571
CVE-2022-23571 concerns TensorFlow, where decoding a tensor from protobuf can trigger a invalid CHECK assertion when tensors have an invalid dtype with 0 elements or an invalid shape, enabling a denial-of-service in affected TF processes. Root cause: CHECK failure during tensor protobuf decoding....
CVE-2022-23572
TensorFlow CVE-2022-23572 concerns a crash/denial of service caused by failure to specialize a type during shape inference. Root cause: DCHECK(ret.status()) is a no-op in production and asserts in debug builds, allowing execution to proceed to ValueOrDie with an error Status, causing an assertion...
CVE-2022-29216
TensorFlow CVE-2022-29216 affects the saved_model_cli tool. Prior to 2.9.0 and backports to 2.8.1, 2.7.2, and 2.6.4, the tool allowed code injection via numpy expressions, potentially enabling a reverse shell. The issue stems from unsafe evaluation of input expressions; a patch removes the safe=F...
CVE-2022-23557
TensorFlow/TFLite BiasAndClamp vulnerability: a crafted TFLite model can trigger a division by zero due to missing non-zero bias_size checks in BiasAndClamp. The issue affects TFLite in TensorFlow and will be fixed in TensorFlow 2.8.0, with cherry-picks planned for TensorFlow 2.7.1, 2.6.3, and 2....
CVE-2022-21741
TensorFlow’s CVE-2022-21741 affects TFLite depthwise convolutions where a division by zero can occur due to user-controlled convolution parameters and no positivity check before division. The issue enables a potential denial of service via crafted models. The fix is planned for TensorFlow 2.8.0, ...
CVE-2022-29202
TensorFlow tf.ragged.constant contains a lack of input validation that can lead to denial of service via memory exhaustion. Affected products/versions include TensorFlow prior to 2.9.0, 2.8.1, 2.7.2, and 2.6.4. The issue was patched in 2.9.0 and back-ported to the earlier supported branches (2.8....
CVE-2021-29568
TensorFlow vulnerability CVE-2021-29568 arises from binding to a NULL pointer in tf.raw_ops.ParameterizedTruncatedNormal due to not validating the shape argument before accessing shape_tensor.flat(0). The issue can cause undefined behavior; the affected commits patch the input validation. A fix w...
CVE-2021-37690
CVE-2021-37690 concerns a denial-of-service/segfault risk in TensorFlow’s shape inference, arising when shape information in a ShapeAndType struct is accessed after an inference context is cleaned up. The core issue was that shapes and types were not cloned under ownership like other outputs, lea...
CVE-2021-29583
TensorFlow CVE-2021-29583 / GHSA-9XH4-23Q4-V6WR describe a heap buffer overflow and undefined behavior in tf.raw_ops.FusedBatchNorm when inputs like scale, offset, mean, or variance have mismatched shapes or are empty. Root cause: missing validation that these tensors match the number of channels...
CVE-2022-21734
TensorFlow CVE-2022-21734: The MapStage kernel is vulnerable to a CHECK-fail when the key tensor is non-scalar, potentially allowing a denial of service. The reported fix is included in TensorFlow 2.8.0, with cherry-picks to 2.7.1, 2.6.3, and 2.5.3 for affected, supported releases. Recommend upgr...
CVE-2022-35941
CVE-2022-35941 affects TensorFlow: AvgPoolOp accepts a positive ksize but does not validate it, enabling a potential crash via a negative ksize. The issue is fixed in commit 3a6ac52664c6c095aa2b114e742b0aa17fdce78f and will be included in TensorFlow 2.10.0; the patch will be cherry-picked for TF ...
CVE-2022-21732
CVE-2022-21732 affects TensorFlow’s ThreadPoolHandle. The vulnerability stems from allowing an unbounded num_threads value (only checked to be non-negative), enabling memory exhaustion and a potential denial-of-service. A fix is available in TensorFlow 2.8.0, with cherry-picks to 2.7.1, 2.6.3 and...
CVE-2022-29213
TensorFlow vulnerability CVE-2022-29213 arises from missing input validation in tf.compat.v1.signal.rfft2d and tf.compat.v1.signal.rfft3d, which can trigger CHECK failures and crashes under certain conditions. Public details cover affected TF releases: 2.6.4, 2.7.2, 2.8.1, and 2.9.0, with a patch...
CVE-2022-23558
CVE-2022-23558 describes an integer overflow in TensorFlow’s TFLite path: TfLiteIntArrayCreate alloc_size is derived from TfLiteIntArrayGetSizeInBytes(size), which returns an int instead of a size_t, enabling an attacker-controlled input to overflow computed_size. Affected: TensorFlow/TFLite mode...
CVE-2022-23591
TensorFlow’s GraphDef format allows self-recursive functions, which can cause a stack overflow when loading a SavedModel. Multiple sources (CVE-2022-23591 and related OSV/GHSA entries) describe the underlying issue as a self-recursive function in GraphDef leading to unbounded resolution of NodeDe...
CVE-2022-21735
TensorFlow vulnerability CVE-2022-21735 involves the FractionalMaxPool implementation where a division-by-zero can crash the TensorFlow process. The issue is documented across multiple sources, noting the root cause in FractionalMaxPool and that a patch fixes it in TensorFlow 2.8.0, with cherry-p...
CVE-2022-29199
TensorFlow vulnerability CVE-2022-29199 affects tf.raw_ops.LoadAndRemapMatrix. The issue arises from incomplete validation of input arguments, where the code assumes initializing_values is a vector but does not validate it before access, leading to a CHECK failure that can trigger a denial of ser...
CVE-2022-29201
TensorFlow CVE-2022-29201 concerns a missing input validation in tf.raw_ops.QuantizedConv2D that can bind references to nullptr when arguments are empty. Affected versions include 2.6.4, 2.7.2, 2.8.1, and 2.9.0. Patches exist in 2.9.0 and are cherrypicked to the older supported branches (2.8.1, 2...
CVE-2022-35999
TensorFlow CVE-2022-35999 affects Conv2DBackpropInput: when out_backprop is empty (example [3,1,0,1]), CPU/GPU kernels fail CHECKs, enabling potential denial of service. A patch was committed (27a65a43cf763897fecfa5cdb5cc653fc5dd0346) and will be included in TensorFlow 2.10.0; the patch will also...
CVE-2022-23576
CVE-2022-23576 describes an integer overflow in TensorFlow’s OpLevelCostEstimator::CalculateOutputSize, triggered when computing the product of output_shape.dim() elements for large tensor sizes. The vulnerability could allow overflow of the computed output size, potentially impacting stability o...
CVE-2022-23587
CVE-2022-23587 concerns TensorFlow, specifically the Grappler cost-estimator path. The vulnerability is an integer overflow in the cost estimation for crop and resize within Grappler, triggered by user-controlled cropping parameters, which can lead to undefined behavior. The patch is committed (c...
CVE-2022-29209
TensorFlow has a documented vulnerability (CVE-2022-29209) due to incorrect logic when comparing size_t and int in assertion macros. Affected versions prior to 2.9.0, 2.8.1, 2.7.2, and 2.6.4 may trigger the issue; a patch is included in 2.9.0 and is backported to 2.8.1, 2.7.2, and 2.6.4. Impact r...
CVE-2022-36015
TensorFlow CVE-2022-36015 describes an integer overflow in RangeSize: if the range value cannot fit in int64_t, the operation crashes. The issue is fixed in commit 37e64539cd29fcfb814c4451152a60f5d107b0f0 and will be included in TensorFlow 2.10.0; it will also be cherry-picked to TensorFlow 2.9.1...
CVE-2021-29543
CVE-2021-29543 affects TensorFlow’s CTCGreedyDecoder with a CHECK_LT invariant in tf.raw_ops.CTCGreedyDecoder that can trigger a denial-of-service via abnormal termination. Connected sources provide concrete technical details: the issue resides in TensorFlow core/kernels/ctc_decoder_ops.cc lines ...
CVE-2021-37668
CVE-2021-37668 affects TensorFlow, specifically the tf.raw_ops.UnravelIndex path. The vulnerability arises when dims is empty and an element of dims is 0, leading to an division-by-zero in the implementation and enabling a denial-of-service in model-serving applications. The issue was patched in ...
CVE-2022-21739
TensorFlow’s QuantizedMaxPool has an undefined behavior that can trigger a reference binding to a null pointer when handling user-controlled inputs. The patch is planned for TensorFlow 2.8.0, with cherry-picks to 2.7.1, 2.6.3, and 2.5.3 (still in supported range). Remediation: upgrade to TensorFl...
CVE-2022-23559
TensorFlow/TensorFlow Lite contains an integer overflow in embedding_lookup_sparse within TFLite. The vulnerability arises because embedding_size and lookup_size are computed as products of user-supplied values, enabling overflow during multiplication and potentially leading to a heap-based out-o...
CVE-2022-23583
TensorFlow vulnerability CVE-2022-23583: a type confusion caused by modifying the SavedModel’s tensor protobufs can let a remote attacker trigger CHECK failures in templated binary operators, leading to a denial of service. Affected: various TF releases up to 2.8.x (and cherry-picks on 2.7.1, 2.6...
CVE-2022-29197
CVE-2022-29197 concerns TensorFlow UnsortedSegmentJoin with incomplete input validation that can trigger a denial of service via a CHECK failure when num_segments is not properly validated. Affected releases include TensorFlow versions prior to 2.9.0, 2.8.1, 2.7.2, and 2.6.4. The issue has been a...
CVE-2022-35986
TensorFlow vulnerability CVE-2022-35986 affects RaggedBincount: if an empty input tensor for splits is provided, a segfault can trigger a denial of service. The issue is fixed via GitHub commit 7a4591fd4f065f4fa903593bc39b2f79530a74b8, with the fix slated for TensorFlow 2.10.0 and cherry-picked b...
CVE-2022-23565
CVE-2022-23565 : TensorFlow contains a denial-of-service risk caused by an assertion failure when a SavedModel on disk has duplicated AttrDef entries for an operation. The issue’s root cause is described across connected sources as a SavedModel mismatch that can trigger a crash under certain on-d...
CVE-2022-23579
CVE-2022-23579 affects TensorFlow: the Grappler optimizer can cause a denial of service by altering a SavedModel to trigger CHECK failures in SafeToRemoveIdentity. The issue is linked to the Grappler dependency optimizer logic and manifests as a DoS condition. The fix is planned for TensorFlow 2....
CVE-2021-29597
TensorFlow/TFLite SpaceToBatchNd is vulnerable to a division-by-zero error when a dimension of the block input is 0, enabling crafted inputs to trigger a fault in the operator. Affected: TensorFlow’s SpaceToBatchNd (TFLite kernel). Root cause: division by zero in the SpaceToBatchNd kernel when fi...
CVE-2022-21728
CVE-2022-21728 affects TensorFlow: ReverseSequence shape-inference can yield a heap-based out-of-bounds read because batch_dim is checked for being too large but not for negative values. The mitigation path is a forthcoming fix in TensorFlow 2.8.0, with cherry-picks into 2.7.1, 2.6.3, and 2.5.3. ...
CVE-2022-23586
TensorFlow vulnerability CVE-2022-23586 affects the SavedModel path via assertions in function.cc, enabling denial of service by a malicious SavedModel that crashes the Python interpreter. Root cause is CHECK/assertion failures in function.cc when a SavedModel is altered. Affected releases map to...
CVE-2022-29191
CVE-2022-29191 affects TensorFlow: the implementation of tf.raw_ops.GetSessionTensor does not fully validate input arguments, causing a CHECK failure and enabling a denial of service on a local attacker. Affected versions are prior to 2.9.0, 2.8.1, 2.7.2, and 2.6.4; a patch is included in those v...
CVE-2022-41909
CVE-2022-41909 affects TensorFlow: an input encoded that is not a valid CompositeTensorVariant can cause a segfault in tf.raw_ops.CompositeTensorVariantToComponents. Patches are in commits bf594d08d... and 660ce5a89e..., with the fix slated for TensorFlow 2.11 and cherry-picked to 2.10.1, 2.9.3, ...
CVE-2022-23577
CVE-2022-23577 : TensorFlow contains a null-pointer dereference in GetInitOp that can crash. The issue is documented with a fix in TensorFlow 2.8.0 and cherry-picks to 2.7.1, 2.6.3, and 2.5.3. Affected lines and patch are described in linked advisories (GitHub commit 4f38b1ac…, security advisorie...
CVE-2022-23574
CVE-2022-23574 affects TensorFlow. A typo in SpecializeType leads to a heap out-of-bounds read/write by initializing arg to the i-th mutable argument in a loop, enabling writes/read beyond bounds. The issue is fixed in TensorFlow 2.8.0, with cherry-picks for TensorFlow 2.7.1 and 2.6.3. Affected r...
CVE-2022-29206
CVE-2022-29206 involves TensorFlow’s tf.raw_ops.SparseTensorDenseAdd, where input argument validation is insufficient, causing a reference to a nullptr during kernel execution and resulting in undefined behavior. Affected releases include TensorFlow versions prior to 2.9.0, and also 2.8.1, 2.7.2,...
CVE-2021-29531
CVE-2021-29531 affects TensorFlow and relates to a denial-of-service risk in PNG encoding when an attacker supplies an empty input tensor for pixel data. The issue stems from encode_png_op.cc validating only total pixel count and passing image data to png::WriteImageToBuffer, which calls CHECK_NO...
CVE-2021-37679
TensorFlow CVE-2021-37679 concerns a vulnerability in nested tf.map_fn with RaggedTensor inputs. The root cause is in the conversion from a Variant tensor to a RaggedTensor: the implementation does not verify that all inner shapes match, which can produce extra dimensions and allow leakage of hea...
CVE-2021-29545
CVE-2021-29545 concerns TensorFlow and describes a heap-based out-of-bounds issue in SparseTensorToCSRSparseMatrix caused by a double redirection when accessing csr_row_ptr via indices(i, 0) + 1. This can lead to a denial of service by writing outside heap data. The connected OSV/GHSA entries con...
CVE-2021-37673
TensorFlow maps-stage DoS (CVE-2021-37673). The issue arises from tf.raw_ops.MapStage not validating non-empty key tensors, enabling a local attacker to trigger a denial-of-service via a CHECK-fail. Patches were committed and the fix is expected in TensorFlow 2.6.0, with backports to 2.5.1, 2.4.3...