Lucene search
K
GoogleTensorflow

431 matches found

CVE
CVE
added 2022/09/16 10:20 p.m.95 views

CVE-2022-35994

CVE-2022-35994 is a denial-of-service issue in TensorFlow’s CollectiveGather when given a scalar input. Root cause: a CHECK failure in CollectiveGather. A patch was committed (c1f491817dec39a26be3c574e86a88c30f3c4770) and will be included in TensorFlow 2.10.0; the fix will also be cherry-picked t...

7.5CVSS6.4AI score0.00396EPSS
CVE
CVE
added 2022/09/16 10:10 p.m.95 views

CVE-2022-36002

CVE-2022-36002 affects TensorFlow: Unbatch can trigger a denial of service when given a nonscalar id input, due to a CHECK failure. The issue has been patched in commit 4419d10d576adefa36b0e0a9425d2569f7c0189f and will be included in TensorFlow 2.10.0; affected releases will also receive a cherry...

7.5CVSS6.4AI score0.00396EPSS
CVE
CVE
added 2022/09/16 10:5 p.m.95 views

CVE-2022-36026

TensorFlow vulnerability CVE-2022-36026: A non-scalar num_bits input to QuantizeAndDequantizeV3 triggers a CHECK failure, enabling denial of service. The issue is fixed in commit f3f9cb38ecfe5a8a703f2c4a8fead434ef291713 and the fix will be in TensorFlow 2.10.0; cherry-picks are planned for 2.9.1,...

7.5CVSS6.4AI score0.00396EPSS
CVE
CVE
added 2021/05/14 7:36 p.m.94 views

CVE-2021-29516

TensorFlow CVE-2021-29516 describes a null pointer dereference in tf.raw_ops.RaggedTensorToVariant when provided with an invalid ragged tensor. The issue arises because batched_ragged.splits(0) is dereferenced without validating non-emptiness. Affected: TensorFlow and related entries indicate the...

5.5CVSS4.8AI score0.00198EPSS
CVE
CVE
added 2021/05/14 7:12 p.m.94 views

CVE-2021-29533

TensorFlow DrawBoundingBoxes (CVE-2021-29533) is affected by a CHECK_-driven input validation flaw that can crash the program when an empty image is passed. The root cause is input validation using CHECK_ instead of OP_REQUIRES, causing a negative max_box_row_clamp and a crash. The fix is include...

5.5CVSS4.7AI score0.00217EPSS
CVE
CVE
added 2021/05/14 7:11 p.m.94 views

CVE-2021-29537

CVE-2021-29537 affects TensorFlow: a heap buffer overflow in QuantizedResizeBilinear triggered by invalid quantization thresholds. Root cause is assuming two scalar inputs are valid and directly indexing their values; if min/max tensors are empty, accessing element 0 overflows. Public details con...

7.8CVSS5.8AI score0.00211EPSS
CVE
CVE
added 2021/05/14 7:10 p.m.94 views

CVE-2021-29550

TensorFlow CVE-2021-29550 concerns a runtime division-by-zero in tf.raw_ops.FractionalAvgPool within the FractionalAvgPool implementation. The root cause is that the operator computes output_size by floor-dividing input_size[i] by pooling_ratio[i], where both values are user-controlled; if input_...

5.5CVSS4.7AI score0.00189EPSS
CVE
CVE
added 2021/05/14 7:35 p.m.94 views

CVE-2021-29586

CVE-2021-29586 affects TensorFlow (TFLite pooling) where optimized pooling implementations fail to validate stride values, allowing params->stride_height/width to be zero and cause a division by zero in ComputePaddingHeightWidth. Practically, this is a vulnerability in the pooling path of Tens...

7.8CVSS5.3AI score0.00201EPSS
CVE
CVE
added 2021/05/14 7:22 p.m.94 views

CVE-2021-29591

TensorFlow/TfLite vulnerability CVE-2021-29591 stems from loops in TFlite subgraphs (example: While) allowing potential infinite recursion and stack exhaustion during evaluation. Affected: TensorFlow/TfLite; root cause: unchecked looping between body and loop subgraphs. Impact described as stack ...

7.8CVSS7.3AI score0.00262EPSS
CVE
CVE
added 2021/05/14 7:21 p.m.94 views

CVE-2021-29604

TensorFlow/TFLite hashtable lookup (HashtableLookup) is affected by a division-by-zero in hashtable_lookup.cc when the first dimension of values is 0. Root cause: num_rows derived from the 0th dimension leads to invalid division. Affected: TensorFlow/TFLite hashtable lookup; fix slated for Tensor...

5.5CVSS4.7AI score0.00189EPSS
CVE
CVE
added 2021/05/14 7:25 p.m.94 views

CVE-2021-29615

CVE-2021-29615 affects TensorFlow and involves a stack overflow in the ParseAttrValue implementation caused by recursive parsing of nested attributes. Connected sources (OSV/GHSA/CNVD/NVD entries) consistently describe this as a vulnerability in TensorFlow’s attribute parsing path, with the fix s...

5.5CVSS4.9AI score0.00204EPSS
CVE
CVE
added 2021/11/05 7:55 p.m.94 views

CVE-2021-41199

CVE-2021-41199 refers to an overflow crash in TensorFlow’s tf.image.resize when the output size is very large. Affected TF versions up to 2.7.0 (and cherry-picks for 2.6.1, 2.5.2, 2.4.4) abort the process via a CHECK failure due to int64 overflow while computing the output tensor size. Connected ...

5.5CVSS5.6AI score0.0023EPSS
CVE
CVE
added 2022/02/03 11:42 a.m.94 views

CVE-2022-23568

CVE-2022-23568 describes an integer overflow in TensorFlow’s AddManySparseToTensorsMap, causing a CHECK-fail when constructingTensorShape objects. The issue arises from insufficient validation of input tensor shapes and constructing large TensorShape with user-provided dimensions, enabling a deni...

6.5CVSS6.7AI score0.008EPSS
CVE
CVE
added 2022/02/04 10:32 p.m.94 views

CVE-2022-23580

Summary: CVE-2022-23580 affects TensorFlow; during shape inference, TensorFlow may allocate a very large vector based on a user-controlled tensor value. This can lead to resource exhaustion. The issue has a fix in TensorFlow 2.8.0, with cherry-picks to 2.7.1, 2.6.3, and 2.5.3 for affected support...

6.5CVSS6.6AI score0.00821EPSS
CVE
CVE
added 2022/02/04 10:32 p.m.94 views

CVE-2022-23589

CVE-2022-23589 affects the Grappler component of TensorFlow. The vulnerability is a null pointer dereference that can occur during constant folding when SavedModel nodes are missing, and similarly in IsIdentityConsumingSwitch. The fix is in TensorFlow 2.8.0, with cherry-picks to 2.7.1, 2.6.3, and...

6.5CVSS6.6AI score0.01097EPSS
CVE
CVE
added 2022/02/04 10:32 p.m.94 views

CVE-2022-23593

TensorFlow CVE-2022-23593 affects the MLIR-TFRT simplifyBroadcast path. When shapes are scalar, maxRank becomes 0 and an empty SmallVector is built, leading to a segfault (denial of service). The fix is planned for TensorFlow 2.8.0; upgrading to that version (or newer) is the remediation if appli...

7.5CVSS6.3AI score0.0087EPSS
CVE
CVE
added 2022/09/16 7:30 p.m.94 views

CVE-2022-35934

CVE-2022-35934 : TensorFlow’s tf.reshape op is vulnerable to a denial of service caused by a CHECK-failure when overflowing the number of tensor elements. The issue is patched in commit 61f0f9b94df8c0411f0ad0ecc2fec2d3f3c33555; the fix is planned for TensorFlow 2.10.0 and will be cherry-picked to...

7.5CVSS6.3AI score0.00396EPSS
CVE
CVE
added 2022/09/16 9:40 p.m.94 views

CVE-2022-35984

TensorFlow CVE-2022-35984 affects ParameterizedTruncatedNormal where shape is assumed to be int32; providing an int64 shape triggers a mismatched type CHECK failure that can cause a denial of service. The issue has been patched in commit 72180be03447a10810edca700cbc9af690dfeb51 and the fix is sla...

7.5CVSS6.4AI score0.00396EPSS
CVE
CVE
added 2022/09/16 10:20 p.m.94 views

CVE-2022-35992

TensorFlow’s CVE-2022-35992 affects TensorListFromTensor when element_shape has rank > 1, triggering a CHECK failure that can lead to denial of service. The issue is addressed by GitHub commit 3db59a042a38f4338aa207922fa2f476e000a6ee and will be fixed in TensorFlow 2.10.0; Red Hat and IBM advi...

7.5CVSS6.4AI score0.00396EPSS
CVE
CVE
added 2022/11/18 12:0 a.m.94 views

CVE-2022-41887

TensorFlow CVE-2022-41887 describes a buffer/size-mismatch overflow in tf.keras.losses.poisson when y_pred/y_true dimensions overflow an int32 during broadcasting in BinaryOp. A patch is committed (c5b30379ba87cbe774b08ac50c1f6d36df4ebb7c) and will be included in TensorFlow 2.11; TensorFlow 2.10....

7.5CVSS6.3AI score0.0044EPSS
CVE
CVE
added 2022/11/18 12:0 a.m.94 views

CVE-2022-41899

CVE-2022-41899 — TensorFlow SdcaOptimizer rank check issue . The vulnerability occurs when inputs are not rank-2 and triggers a CHECK failure in SdcaOptimizer, potentially impacting availability. The root cause is a rank validation check in the optimizer. Patch available in GitHub commit 80ff197d...

7.5CVSS6.2AI score0.0044EPSS
CVE
CVE
added 2020/10/21 8:20 p.m.93 views

CVE-2020-15265

TensorFlow before 2.4.0 is affected by CVE-2020-15265: passing an invalid axis to tf.quantization.quantize_and_dequantize can trigger a segfault due to a DCHECK in dim_size, potentially crashing the C++ kernel. The issue is patched in commit eccb7ec454e6617738554a255d77f08e60ee0808 and TensorFlow...

7.5CVSS6.1AI score0.00886EPSS
CVE
CVE
added 2021/05/14 7:11 p.m.93 views

CVE-2021-29539

TensorFlow CVE-2021-29539 describes a segfault in tf.raw_ops.ImmutableConst when dtype is tf.resource or tf.variant. Root cause: the implementation assumes scalar contents, leading to a crash. A fix was committed (4f663d4b8f0bec1b48da6fa091a7d29609980fa4) and TensorFlow 2.5.0 will include the pat...

5.5CVSS4.9AI score0.00189EPSS
CVE
CVE
added 2021/08/12 5:35 p.m.93 views

CVE-2021-37642

CVE-2021-37642 involves TensorFlow’s tf.raw_ops.ResourceScatterDiv, where an implementation division-by-zero can occur in affected builds. Public details confirm this is rooted in the shared binary-ops class and that a patch was applied in GitHub commit 4aacb30888638da75023e6601149415b39763d76, w...

5.5CVSS5.6AI score0.00154EPSS
CVE
CVE
added 2021/08/12 10:15 p.m.93 views

CVE-2021-37687

CVE-2021-37687 describes a heap-based out-of-bounds read in TensorFlow Lite’s GatherNd and Gather, caused by missing index checks for negative values in indices. An attacker could read arbitrary heap data via crafted models. Patched in GitHub commits bb6a0383ed... and eb92112211..., with the fix ...

5.5CVSS5.7AI score0.00191EPSS
CVE
CVE
added 2021/11/05 10:5 p.m.93 views

CVE-2021-41206

CVE-2021-41206 is described across multiple connected sources as a TensorFlow issue where several TF ops fail to validate the shapes of tensor arguments, potentially causing undefined behavior, crashes (segfaults or CHECK failures), and heap-related reads/writes. The issue affects TensorFlow’s co...

7.8CVSS7.2AI score0.00174EPSS
CVE
CVE
added 2021/11/05 8:50 p.m.93 views

CVE-2021-41214

CVE-2021-41214 affects TensorFlow’s ragged.cross shape inference: binding a reference to nullptr causes undefined behavior. A fix is planned for TensorFlow 2.7.0, with cherry-picks to 2.6.1, 2.5.2, and 2.4.4 (still in supported range). Implication: vulnerable versions may crash or behave unexpect...

7.8CVSS7.5AI score0.0021EPSS
CVE
CVE
added 2021/11/05 10:10 p.m.93 views

CVE-2021-41216

TensorFlow CVE-2021-41216 describes a heap buffer overflow in the shape inference for Transpose when perm contains negative elements. The shape inference function does not validate that perm indices are within range, leading to potential overflow. The fix is stated for TensorFlow 2.7.0, with cher...

7.8CVSS6.4AI score0.00156EPSS
CVE
CVE
added 2022/02/04 10:32 p.m.93 views

CVE-2022-23581

CVE-2022-23581 concerns the Grappler optimizer in TensorFlow. The vulnerability arises when a SavedModel is altered in a way that triggers a CHECK failure in IsSimplifiableReshape, enabling a denial of service. Technical details in the connected documents specify the affected component as the Gra...

6.5CVSS6.4AI score0.01151EPSS
CVE
CVE
added 2022/09/16 10:15 p.m.93 views

CVE-2022-35995

CVE-2022-35995 affects TensorFlow. The issue occurs in the AudioSummaryV2 path when an input sample_rate has more than one element, causing a CHECK failure that can be used to trigger a denial of service. A fix is implemented in GitHub commit bf6b45244992e2ee543c258e519489659c99fb7f and will be i...

7.5CVSS6.4AI score0.00396EPSS
CVE
CVE
added 2022/09/16 10:15 p.m.93 views

CVE-2022-35998

CVE-2022-35998 affects TensorFlow. When EmptyTensorList receives an input element_shape with more than one dimension, a CHECK failure can be triggered, potentially enabling a denial of service. The issue is fixed in commit c8ba76d48567aed347508e0552a257641931024d and will be included in TensorFlo...

7.5CVSS6.4AI score0.00405EPSS
CVE
CVE
added 2022/11/18 12:0 a.m.93 views

CVE-2022-41885

TensorFlow vulnerability CVE-2022-41885 affects tf.raw_ops.FusedResizeAndPadConv2D when handling large tensor shapes, causing a buffer/overflow. A fix was committed (d66e1d568275e6a2947de97dca7a102a211e01ce) and will be included in TensorFlow 2.11. TensorFlow team will cherry-pick this commit to ...

7.5CVSS6.2AI score0.0043EPSS
CVE
CVE
added 2022/11/18 12:0 a.m.93 views

CVE-2022-41907

CVE-2022-41907 affects TensorFlow: when calling tf.raw_ops.ResizeNearestNeighborGrad with a very large size, an integer overflow occurs in the operation. The issue has been fixed in commit 00c821af032ba9e5f5fa3fe14690c8d28a657624 and the fix will be included in TensorFlow 2.11; TensorFlow 2.10.1,...

7.5CVSS6.2AI score0.0044EPSS
CVE
CVE
added 2020/09/25 6:40 p.m.92 views

CVE-2020-15200

CVE-2020-15200 affects TensorFlow before 2.3.1. The RaggedCountSparseOutput path does not validate that the input ragged tensor is well-formed, specifically not validating that the splits form a valid partition of values. This can set up conditions that lead to a heap-based buffer overflow and, i...

5.9CVSS6AI score0.00844EPSS
CVE
CVE
added 2021/05/14 7:36 p.m.92 views

CVE-2021-29517

CVE-2021-29517 affects TensorFlow Conv3D: division-by-zero in the Conv3D kernel caused by a modulo on user input (fifth filter dimension), potentially triggering an Eigen assertion and a crash. The issue is addressed by a TensorFlow fix in 2.5.0, with cherry-picks to 2.4.2, 2.3.3, 2.2.3 and 2.1.4...

5.5CVSS4.7AI score0.00189EPSS
CVE
CVE
added 2021/05/14 7:35 p.m.92 views

CVE-2021-29524

TensorFlow (Conv2DBackpropFilter) suffers a division-by-zero vulnerability caused by a modulus operation in conv_grad_shape_utils.cc where the divisor is supplied by the caller. The concrete issue has been tracked as CVE-2021-29524 and is documented across multiple sources (OSV and Ghsa advisorie...

5.5CVSS4.7AI score0.00189EPSS
CVE
CVE
added 2021/05/14 7:12 p.m.92 views

CVE-2021-29528

CVE-2021-29528 is a TensorFlow vulnerability in the QuantizedMul path that can trigger a division by zero. The issue arises because the implementation divides by a quantity controlled by the caller, per the cited code path in quantized_mul_op.cc. Public details confirm affected TensorFlow release...

5.5CVSS4.7AI score0.00189EPSS
CVE
CVE
added 2021/05/14 7:16 p.m.92 views

CVE-2021-29575

CVE-2021-29575 targets TensorFlow’s tf.raw_ops.ReverseSequence. Concrete details from connected docs show the root cause: the operation does not validate seq_dim and batch_dim, allowing negative values to cause stack overflow or CHECK-fail Denial of Service (local). Impact is a local DoS conditio...

5.5CVSS5.1AI score0.00198EPSS
CVE
CVE
added 2021/05/14 7:22 p.m.92 views

CVE-2021-29589

CVE-2021-29589 concerns TensorFlow GatherNd in TFLite. The vulnerability is a division-by-zero error when the params input is an empty tensor, triggered by constructing a model that makes params_shape.Dims(.) zero. This can cause a denial of service. A fix is included in TensorFlow 2.5.0, with ch...

7.8CVSS5.3AI score0.00201EPSS
CVE
CVE
added 2021/05/14 7:20 p.m.92 views

CVE-2021-29613

CVE-2021-29613 covers TensorFlow CTCLoss: the vulnerability is caused by incomplete validation in tf.raw_ops.CTCLoss that can trigger an out-of-bounds read from the heap (and related heap buffer overflow/null-pointer dereference conditions) as described in multiple sources. Affected: TensorFlow r...

7.1CVSS6.4AI score0.0024EPSS
CVE
CVE
added 2021/08/12 9:15 p.m.92 views

CVE-2021-37648

TensorFlow SaveV2 input validation flaw (tf.raw_ops.SaveV2) allows a local attacker to trigger a NULL pointer dereference due to improper input validation in ValidateInputs. The issue was fixed in TensorFlow 2.6.0 (commit 9728c60e...); backports were planned for 2.5.1, 2.4.3, and 2.3.4. Affected ...

7.8CVSS7.6AI score0.00186EPSS
CVE
CVE
added 2022/09/16 10:10 p.m.92 views

CVE-2022-36003

TensorFlow CVE-2022-36003 affects RandomPoissonV2: large input shapes/rates trigger a CHECK failure leading to DoS. A patch was committed (552bfced6ce4…) and the fix will be in TensorFlow 2.10.0, with cherry-picks to 2.9.1, 2.8.1, and 2.7.2. Remediation: upgrade to TensorFlow 2.10.0 or apply the ...

7.5CVSS6.4AI score0.00396EPSS
CVE
CVE
added 2022/09/16 10:30 p.m.92 views

CVE-2022-36011

CVE-2022-36011 affects TensorFlow: a null dereference when mlir::tfg::ConvertGenericFunctionToFunctionDef is given empty function attributes. Root cause: empty attributes lead to a null dereference in MLIR/TFG import. Remediation per sources: fix landed in TensorFlow 2.10.0 and will be cherry-pic...

7.5CVSS6.5AI score0.00396EPSS
CVE
CVE
added 2022/09/16 10:35 p.m.92 views

CVE-2022-36014

TensorFlow vulnerability CVE-2022-36014: a null dereference in mlir::tfg::TFOp::nameAttr when provided a null type list, causing a crash (denial of service potential). Fixed in GitHub commits 3a754740d5414e362512ee981eefba41561a63a6 and a0f0b9a21c9270930457095092f558fbad4c03e5. The patch will be ...

7.5CVSS6.5AI score0.00559EPSS
CVE
CVE
added 2022/11/18 12:0 a.m.92 views

CVE-2022-41908

TensorFlow CVE-2022-41908: CHECK fail in tf.raw_ops.PyFunc triggered by non-UTF-8 input tokens. Patch committed (9f03a9d3bafe902c1e6beb105b2f24172f238645); fix slated for TensorFlow 2.11 with cherry-picks to 2.10.1, 2.9.3, and 2.8.4. No exploit details provided in the documents.

7.5CVSS6.2AI score0.0045EPSS
CVE
CVE
added 2021/05/14 7:35 p.m.91 views

CVE-2021-29521

TensorFlow CVE-2021-29521: A bug in tf.raw_ops.SparseCountSparseOutput triggers a segmentation fault when dense_shape contains negative values. Root cause is the implementation assuming the first element of dense_shape is positive to initialize BatchedMap; with multi-element shapes, num_batches d...

5.5CVSS4.7AI score0.00189EPSS
CVE
CVE
added 2021/05/14 7:12 p.m.91 views

CVE-2021-29532

Summary: CVE-2021-29532 affects TensorFlow and describes a heap out-of-bounds read in RaggedCross when processing tensors, due to missing validation of user-supplied indices in ragged/dense/sparse paths. The vulnerability arises from code that uses list indices (e.g., next_ragged/next_sparse/next...

7.1CVSS5.1AI score0.00198EPSS
CVE
CVE
added 2021/05/14 7:10 p.m.91 views

CVE-2021-29548

TensorFlow vulnerability CVE-2021-29548 concerns the QuantizedBatchNormWithGlobalNormalization path. The issue is a runtime division-by-zero that can cause a denial of service due to insufficient validation of the op contract in the quantized batch-norm kernel. A fix is planned and will be includ...

5.5CVSS4.7AI score0.00189EPSS
CVE
CVE
added 2021/05/14 7:17 p.m.91 views

CVE-2021-29557

CVE-2021-29557 : TensorFlow’s DoS is caused by a division-by-zero in tf.raw_ops.SparseMatMul when the second operand (b) is an empty tensor, triggering a runtime error deep in Eigen. Public sources in connected documents confirm this vulnerability in TensorFlow’s SparseMatMul, with remediation de...

5.5CVSS4.8AI score0.00189EPSS
CVE
CVE
added 2021/05/14 7:17 p.m.91 views

CVE-2021-29558

TensorFlow SparseSplit heap overflow (CVE-2021-29558) : Multiple security records (OSV, GHSA, CNVD, NVD) describe a heap-based overflow in tf.raw_ops.SparseSplit caused by accessing an array element using a user-controlled offset in SparseTensor.h. The vulnerability can lead to denial of service ...

7.8CVSS5.8AI score0.00211EPSS
Total number of security vulnerabilities431