Lucene search
K
GoogleTensorflow

431 matches found

CVE
CVE
added 2021/08/12 6:10 p.m.91 views

CVE-2021-37639

TensorFlow has a local, impactful vulnerability CVE-2021-37639 where restoring tensors via raw APIs can dereference a null pointer or read outside the heap bounds when tensor_name is not provided. The root cause is reading the tensor list from user-controlled input without validating its length, ...

8.4CVSS7.6AI score0.00173EPSS
CVE
CVE
added 2021/08/12 10:15 p.m.91 views

CVE-2021-37685

CVE-2021-37685 affects TensorFlow’s TFLite expand_dims.cc, where a large negative axis can bypass the post-branch check and cause a read one element before the start of input_dims.data (heap OOB). The issue has been patched in commit d94ffe08a65400f898241c0374e9edc6fa8ed257, with the fix slated f...

5.5CVSS5.7AI score0.00172EPSS
CVE
CVE
added 2021/11/05 10:30 p.m.91 views

CVE-2021-41227

TensorFlow CVE-2021-41227 concerns the ImmutableConst operation, which in affected versions can read arbitrary memory due to the tstring class having a special case for memory-mapped strings while the operation does not handle this datatype. The issue is rooted in the mismatch between memory-mapp...

6.6CVSS5.6AI score0.0023EPSS
CVE
CVE
added 2022/09/16 8:50 p.m.91 views

CVE-2022-35971

CVE-2022-35971 affects TensorFlow: a denial-of-service risk when FakeQuantWithMinMaxVars receives min/max tensors of nonzero rank, causing a CHECK failure. Root cause: input validation in FakeQuantWithMinMaxVars leads to DoS. Known impact: remote attacker could trigger DoS via this path; exploita...

7.5CVSS6.4AI score0.00383EPSS
CVE
CVE
added 2022/09/16 9:40 p.m.91 views

CVE-2022-35987

TensorFlow vulnerability CVE-2022-35987 affects DenseBincount: if weights shape does not match input (or is not length-0), a CHECK failure can be triggered, potentially allowing a denial-of-service. The issue is mitigated by applying the patch from commit bf4c14353c2328636a18bfad1e151052c81d5f43,...

7.5CVSS6.4AI score0.00396EPSS
CVE
CVE
added 2022/09/16 10:30 p.m.91 views

CVE-2022-36013

TensorFlow CVE-2022-36013 describes a null-dereference crash in mlir::tfg::GraphDefImporter::ConvertNodeDef when converting NodeDefs without an op name. A fix is present in commit a0f0b9a21c9270930457095092f558fbad4c03e5 and will be included in TensorFlow 2.10.0; the patch will also beCherry-pick...

7.5CVSS6.5AI score0.00547EPSS
CVE
CVE
added 2022/09/16 10:5 p.m.91 views

CVE-2022-36019

CVE-2022-36019 affects TensorFlow: a CHECK failure in FakeQuantWithMinMaxVarsPerChannel when min/max tensors are not rank-1 can trigger a denial of service. Patched in commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0; fix will be in TensorFlow 2.10.0, with cherry-picks to 2.9.1, 2.8.1, and 2.7.2. ...

7.5CVSS6.4AI score0.00396EPSS
CVE
CVE
added 2020/09/25 6:50 p.m.90 views

CVE-2020-15214

CVE-2020-15214 affects TensorFlow Lite prior to 2.2.1 and 2.3.1. A write-out-of-bounds can occur when segment IDs are not sorted in segment_sum, due to memory allocation based on the last segment-id element, causing segmentation faults and potential memory corruption. The issue is patched in comm...

8.1CVSS7.8AI score0.00556EPSS
CVE
CVE
added 2021/05/14 7:17 p.m.90 views

CVE-2021-29561

CVE-2021-29561 (TensorFlow) describes a denial-of-service via a CHECK-fail in LoadAndRemapMatrix caused by assuming ckpt_path is a valid scalar; attackers can send a non-scalar tensor as the first argument. Connected docs confirm the same issue and note fixes will be applied in TensorFlow 2.5.0 w...

5.5CVSS4.7AI score0.00189EPSS
CVE
CVE
added 2021/05/14 7:22 p.m.90 views

CVE-2021-29593

The CVE-2021-29593 entry maps to a vulnerability in TensorFlow: the BatchToSpaceNd TFLite operator can trigger a division-by-zero when a model sets one dimension of the block input to 0, producing an unsafe block_shape value. Public documents corroborate this behavior and describe patches: the fi...

7.8CVSS5.3AI score0.00201EPSS
CVE
CVE
added 2021/05/14 7:20 p.m.90 views

CVE-2021-29611

TensorFlow vulnerability CVE-2021-29611: In SparseReshape, input validation is incomplete, allowing a denial-of-service via a CHECK failure. The issue affects multiple TF releases (notably the 2.3.3, 2.4.2 and 2.5.0 lines are mentioned for fixes/patches). The patch is referenced as commit 1d04d7d...

5.5CVSS4.8AI score0.00202EPSS
CVE
CVE
added 2021/05/14 7:20 p.m.90 views

CVE-2021-29613

CVE-2021-29613 covers TensorFlow CTCLoss: the vulnerability is caused by incomplete validation in tf.raw_ops.CTCLoss that can trigger an out-of-bounds read from the heap (and related heap buffer overflow/null-pointer dereference conditions) as described in multiple sources. Affected: TensorFlow r...

7.1CVSS6.4AI score0.0024EPSS
CVE
CVE
added 2021/08/12 5:35 p.m.90 views

CVE-2021-37640

CVE-2021-37640 affects TensorFlow and relates to the SparseReshape path. The issue arises when tf.raw_ops.SparseReshape can trigger a division by zero due to the reshape functor not validating that both input and target shapes have a non-zero element count. This can lead to an integral division b...

5.5CVSS5.7AI score0.00152EPSS
CVE
CVE
added 2021/08/12 10:0 p.m.90 views

CVE-2021-37681

CVE-2021-37681 affects TensorFlow (SVDF in TFLite); root cause is a potential null dereference where GetVariableInput can return nullptr and GetTensorData assumes a valid tensor. A fix was committed (5b048e87e4e55990dae6b547add4dae59f4e1c76) and will be included in TensorFlow 2.6.0, with cherry-p...

7.8CVSS7.6AI score0.00173EPSS
CVE
CVE
added 2021/11/05 8:45 p.m.90 views

CVE-2021-41204

CVE-2021-41204 concerns TensorFlow. In affected builds, during Grappler optimizer constant folding, a deep copy of a resource tensor may be attempted, causing a segfault because such tensors should not change. The issue is addressed with a fix in TensorFlow 2.7.0, and a cherry-pick was applied to...

5.5CVSS5.5AI score0.00136EPSS
CVE
CVE
added 2022/02/03 12:8 p.m.90 views

CVE-2022-21736

TensorFlow CVE-2022-21736: Undefined behavior in SparseTensorSliceDataset can dereference a nullptr under certain preconditions for sparse-tensor arguments. Affected in TensorFlow 2.5.x–2.7.x and fixed in 2.8.0; commits patch this behavior and are cherry-picked to 2.7.1, 2.6.3, and 2.5.3. Remedia...

7.6CVSS6.6AI score0.00746EPSS
CVE
CVE
added 2022/02/04 10:32 p.m.90 views

CVE-2022-23566

CVE-2022-23566 describes a heap out-of-bounds write in TensorFlow Grappler caused by the set_output function writing to an array at a specified index, enabling a potential write primitive. The issue is fixed in TensorFlow 2.8.0, with cherry-picks planned for TensorFlow 2.7.1, 2.6.3, and 2.5.3 (th...

8.8CVSS8.6AI score0.00924EPSS
CVE
CVE
added 2022/02/04 10:32 p.m.90 views

CVE-2022-23588

CVE-2022-23588 affects TensorFlow: a malicious SavedModel can trigger Grappler optimizer to build a tensor using a reference dtype, causing a crash via a CHECK-fail in the Tensor constructor. The issue is fixed in TensorFlow 2.8.0; commits are cherry-picked to 2.7.1, 2.6.3, and 2.5.3 for affected...

6.5CVSS6.4AI score0.00864EPSS
CVE
CVE
added 2022/09/16 8:0 p.m.90 views

CVE-2022-35960

CVE-2022-35960 relates to TensorFlow’s TensorListReserve check in core/kernels/list_kernels.cc. The issue occurs when num_elements is a tensor larger than size 1, causing a failed CHECK_EQ in CheckIsAlignedAndSingleElement and potentially denial of service. The documented fix is committed (b5f6fb...

7.5CVSS6.5AI score0.00547EPSS
CVE
CVE
added 2022/11/18 12:0 a.m.90 views

CVE-2022-41880

TensorFlow CVE-2022-41880 describes a heap-based out-of-bounds read in BaseCandidateSamplerOp when true_classes contains a value greater than range_max. A patch was committed (b389f5c944cadfdfe599b3f1e4026e036f30d2d4) and the fix is scheduled for TensorFlow 2.11, with cherry-picks to 2.10.1, 2.9....

9.1CVSS7.8AI score0.0038EPSS
CVE
CVE
added 2020/09/25 6:50 p.m.89 views

CVE-2020-15212

CVE-2020-15212 affects TensorFlow Lite: models using segment_sum can trigger writes outside heap buffers when negative segment_ids are present, allowing out-of-bounds writes and potential memory corruption. The issue is fixed in TensorFlow 2.2.1 and 2.3.1 (commit 204945b19e44b57906c9344c0d00120ee...

8.6CVSS8.3AI score0.0061EPSS
CVE
CVE
added 2021/05/14 7:22 p.m.89 views

CVE-2021-29594

This CVE refers to TensorFlow/TFLite: the convolution code in TFLite may perform divisions where the divisor is user-controlled and not checked for zero, risking abnormal behavior or a crash. The root cause is division by zero in the TFLite convolution path (conv.cc). The issue is mitigated by a ...

7.8CVSS5.4AI score0.00201EPSS
CVE
CVE
added 2021/05/14 7:20 p.m.89 views

CVE-2021-29609

TensorFlow SparseAdd (CVE-2021-29609) has incomplete validation for sparse tensor inputs, allowing invalid tensor triples to slip through valid code paths. The vulnerability arises from not validating that inputs are non-empty and that the second dimension of *_indices matches the corresponding *...

7.8CVSS6.3AI score0.00234EPSS
CVE
CVE
added 2021/08/12 6:10 p.m.89 views

CVE-2021-37643

CVE-2021-37643 affects TensorFlow’s MatrixDiagPartOp. The issue arises when a user does not supply a valid padding value, causing a NULL pointer dereference (if input is empty) or invalid behavior that ignores subsequent values. The root cause is reading the first value from a tensor buffer witho...

7.7CVSS7.1AI score0.0016EPSS
CVE
CVE
added 2021/08/12 9:40 p.m.89 views

CVE-2021-37676

TensorFlow CVE-2021-37676 involves a vulnerability in SparseFillEmptyRows where the shape-inference code can bind a null pointer, causing undefined behavior. The issue has been patched in a GitHub commit and the fix is scheduled for TensorFlow 2.6.0, with cherry-picks to 2.5.1, 2.4.3, and 2.3.4 (...

7.8CVSS7.6AI score0.00173EPSS
CVE
CVE
added 2021/08/12 10:30 p.m.89 views

CVE-2021-37683

TensorFlow (TFLite division) vulnerability (CVE-2021-37683): In affected builds, division in TFLite can produce a division-by-zero error because there is no check that the divisor tensor contains zero. The issue was addressed in commit 1e206baedf8bef0334cca3eb92bab134ef525a28 and the fix is plann...

5.5CVSS5.7AI score0.00154EPSS
CVE
CVE
added 2021/11/05 9:50 p.m.89 views

CVE-2021-41207

TensorFlow ParallelConcat vulnerability (CVE-2021-41207) arises from insufficient input validation in the ParallelConcat implementation, which can lead to a division by zero in affected TensorFlow versions. The issue affects multiple releases and is slated to be fixed in TensorFlow 2.7.0; Sony ch...

5.5CVSS5.6AI score0.00136EPSS
CVE
CVE
added 2022/09/16 7:50 p.m.89 views

CVE-2022-35952

TensorFlow CVE-2022-35952 concerns the UnbatchGradOp: passing a non-scalar id or an incorrect batch_index can trigger CHECK failures, crashing the program. The issue affects UnbatchGrad in TensorFlow and is resolved by a patch in commit 5f945fc6409a3c1e90d6970c9292f805f6e6ddf2, with the fix plann...

7.5CVSS6.4AI score0.00558EPSS
CVE
CVE
added 2023/03/27 7:52 p.m.89 views

CVE-2023-25661

CVE-2023-25661: TensorFlow denial-of-service due to improper input validation in Convolution3DTranspose. A crafted input can crash the model in versions before 2.11.1 (PoC demonstrated via Convolution3DTranspose). The issue has been patched; upgrade to TensorFlow 2.11.1 or later. IBM advisories (...

6.5CVSS6.2AI score0.00432EPSS
CVE
CVE
added 2020/09/25 6:40 p.m.88 views

CVE-2020-15198

CVE-2020-15198 affects TensorFlow up to 2.3.0: SparseCountSparseOutput may access heap buffers out of bounds due to missing validation that indices and values shapes match in a sparse tensor. This root cause enables a heap buffer overflow in pre-2.3.1 builds. A fix was committed (3cbb917b47147660...

5.8CVSS5.3AI score0.00537EPSS
CVE
CVE
added 2021/05/14 7:35 p.m.88 views

CVE-2021-29522

TensorFlow CVE-2021-29522 concerns division-by-zero in Conv3DBackprop* paths. Multiple connected sources (NVD entry, OSV advisories, GHSA advisory, CNVD entry, BIT-TENSORFLOW OSV) show that tf.raw_ops.Conv3DBackpropInputV2/Conv3DBackpropFilterV2 may fail to validate non-empty inputs, leading to a...

5.5CVSS4.6AI score0.00189EPSS
CVE
CVE
added 2021/05/14 7:16 p.m.88 views

CVE-2021-29571

TensorFlow DrawBoundingBoxesV2 memory corruption issue (CVE-2021-29571) arises when the last dimension of boxes is

7.8CVSS6.2AI score0.0024EPSS
CVE
CVE
added 2021/05/14 7:16 p.m.88 views

CVE-2021-29572

TensorFlow CVE-2021-29572 is a null pointer dereference in tf.raw_ops.SdcaOptimizer caused by insufficient input validation. Connected sources confirm the issue affects TensorFlow 2.1.4 and other supported releases, with a patch planned in TensorFlow 2.5.0 and back-ported to 2.4.2, 2.3.3, 2.2.3, ...

5.5CVSS4.7AI score0.00189EPSS
CVE
CVE
added 2021/05/14 7:21 p.m.88 views

CVE-2021-29599

TensorFlow: Split TFLite operator vulnerability due to division by zero when num_splits == 0. The issue affects the Split path in TensorFlow’s TFLite kernels; an attacker could craft a model triggering the fault. The fix is scheduled for TensorFlow 2.5.0, with cherry-picks to TF 2.4.2, 2.3.3, 2.2...

7.8CVSS5.3AI score0.00209EPSS
CVE
CVE
added 2021/08/12 10:35 p.m.88 views

CVE-2021-37677

CVE-2021-37677 describes a vulnerability in TensorFlow where the shape inference for tf.raw_ops.Dequantize can segfault and cause a denial of service if invalid arguments are provided. The root cause is missing validation of the axis value used to compute minmax_rank in the shape inference code. ...

5.5CVSS5.6AI score0.00148EPSS
CVE
CVE
added 2021/08/12 10:45 p.m.88 views

CVE-2021-37682

CVE-2021-37682 concerns TensorFlow/TFLite quantization paths where quantization.params may be used without validating quantization.type, allowing potential use of uninitialized values in affected TFLite operations. Connected sources confirm the root cause (missing checks in depthwise conv quantiz...

7.1CVSS5.7AI score0.0018EPSS
CVE
CVE
added 2021/11/05 10:30 p.m.88 views

CVE-2021-41222

TensorFlow SplitV vulnerability (CVE-2021-41222) causes a segmentation fault when size_splits contains more than one value and at least one value is negative. Affected TensorFlow versions include those in the 2.x series referenced for backporting fixes; the issue is resolved by the TensorFlow 2.7...

5.5CVSS5.5AI score0.00181EPSS
CVE
CVE
added 2021/11/05 10:30 p.m.88 views

CVE-2021-41225

CVE-2021-41225 affects TensorFlow’s Grappler optimizer: if train_nodes lacks a Dequeue node, dequeue_node remains uninitialized due to an uninitialized variable in the Grappler code. The documented fix is included in TensorFlow 2.7.0, with cherry-picks for 2.6.1, 2.5.2, and 2.4.4 (still in suppor...

7.8CVSS6.2AI score0.0019EPSS
CVE
CVE
added 2022/02/03 11:28 a.m.88 views

CVE-2022-21733

TensorFlow StringNGrams vulnerability CVE-2022-21733 causes memory exhaustion (OOM) due to missing validation of pad_width, which can result in a negative ngram_width used during output allocation. Affects TensorFlow/StringNGrams path in multiple TF versions; remediation is to upgrade to TensorFl...

6.5CVSS5.5AI score0.00821EPSS
CVE
CVE
added 2022/11/18 12:0 a.m.88 views

CVE-2022-41893

CVE-2022-41893 affects TensorFlow where calling tf.raw_ops.TensorListResize with a nonscalar input for size triggers a CHECK failure, enabling a denial of service as described in the advisory. The root cause is a validation flaw in TensorListResize; a fix was committed (GitHub commit 888e34b49009...

7.5CVSS6AI score0.00439EPSS
CVE
CVE
added 2019/04/24 8:44 p.m.87 views

CVE-2018-7575

CVE-2018-7575 affects Google TensorFlow 1.7.x and earlier. Connected sources describe a buffer/integer overflow in parsing a malicious meta checkpoint: the block size in a meta file may contain a large int64 value, causing an overflow when added and potentially leading to an out-of-bounds read in...

9.8CVSS9.3AI score0.00486EPSS
CVE
CVE
added 2021/05/14 7:10 p.m.87 views

CVE-2021-29551

TensorFlow CVE-2021-29551 relates to MatrixTriangularSolve: the kernel failed to terminate when input validation fails, enabling a potential heap OOB read with crafted tensors. The issue is tied to OP_REQUIRES paths not aborting before using inputs, leading to invalid data usage in bcast construc...

5.5CVSS4.7AI score0.00217EPSS
CVE
CVE
added 2021/08/12 9:15 p.m.87 views

CVE-2021-37652

TensorFlow Bug: BoostedTreesCreateEnsemble uses a reference-counted resource that was refactored to a smart pointer; when initialization fails, a later scope exit frees the resource even if its refcount is 0, causing a use-after-free. A patch (commit 5ecec9c6fbdbc6be03295685190a45e7eee726ab) fixe...

7.8CVSS7.8AI score0.00173EPSS
CVE
CVE
added 2021/08/12 8:30 p.m.87 views

CVE-2021-37654

CVE-2021-37654 (TensorFlow) is tied to a Heap OOB read and a CHECK-fail in tf.raw_ops.ResourceGather when batch_dims can exceed the input rank. The issue stems from not validating batch_dims, causing out-of-bounds reads via multiple loops over tensor dimensions. A patch was committed (bc9c546ce70...

7.3CVSS7.1AI score0.00167EPSS
CVE
CVE
added 2021/08/12 8:50 p.m.87 views

CVE-2021-37656

TensorFlow CVE-2021-37656 affects RaggedTensorToSparse, caused by incomplete validation of splits values which can bind a reference to a null pointer, leading to undefined behavior. The issue is addressed by a patch in the cited commit and will be included in TensorFlow 2.6.0, with backports to 2...

7.8CVSS7.3AI score0.00167EPSS
CVE
CVE
added 2021/08/12 5:35 p.m.87 views

CVE-2021-37660

CVE-2021-37660 describes a division-by-zero flaw in TensorFlow’s inplace operations due to a logic error in inplace_ops.cc. The faulty condition uses || instead of &&, allowing a floating-point exception when crafted inputs are provided. The issue has been patched in the GitHub commit e86605c0a33...

5.5CVSS5.7AI score0.00154EPSS
CVE
CVE
added 2021/11/05 10:10 p.m.87 views

CVE-2021-41213

TensorFlow vulnerability CVE-2021-41213 involves deadlock in mutually recursive tf.function objects caused by a non-reentrant Lock. Affected: TensorFlow releases with tf.function recursion support. Impact: potential denial of service by loading models containing mutually recursive tf.function fun...

5.5CVSS5.5AI score0.00235EPSS
CVE
CVE
added 2022/02/04 10:32 p.m.87 views

CVE-2022-23573

TensorFlow's AssignOp implementation can copy uninitialized data to a new tensor, causing undefined behavior. This CVE (CVE-2022-23573) affects the TensorFlow core kernel related to AssignOp. The issue arises because the left-hand side is initialized, but the right-hand side is not checked for in...

8.8CVSS7.9AI score0.00755EPSS
CVE
CVE
added 2022/09/16 9:40 p.m.87 views

CVE-2022-35985

CVE-2022-35985: In TensorFlow, LRNGrad raises a denial-of-service risk when output_image is not 4-D, triggering a CHECK failure. The issue was patched in commit bd90b3efab4ec958b228cd7cfe9125be1c0cf255 and the fix is planned for TensorFlow 2.10.0, with cherry-picks on TF 2.9.1, 2.8.1, and 2.7.2 (...

7.5CVSS6.4AI score0.00396EPSS
CVE
CVE
added 2022/09/16 10:10 p.m.87 views

CVE-2022-36016

TensorFlow CVE-2022-36016: A CHECK failure in tensorflow::full_type::SubstituteFromAttrs triggers when FullTypeDef& t has not exactly three args. This can cause a denial-of-service-like impact via a crash. A patch is committed (6104f0d4091c260ce9352f9155f7e9b725eab012) and will be included in Ten...

7.5CVSS6.5AI score0.00547EPSS
Total number of security vulnerabilities431