430 matches found
CVE-2021-41195
TensorFlow is an open source platform for machine learning. In affected versions the implementation of tf.math.segment_* operations results in a CHECK-fail related abort (and denial of service) if a segment id in segment_ids is large. This is similar to CVE-2021-29584 (and similar other reported vu...
CVE-2021-41212
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for tf.ragged.cross can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFl...
CVE-2022-35940
TensorFlow is an open source platform for machine learning. The RaggedRangOp function takes an argument limits that is eventually used to construct a TensorShape as an int64. If limits is a very large float, it can overflow when converted to an int64. This triggers an InvalidArgument but also throw...
CVE-2022-35989
TensorFlow is an open source platform for machine learning. When MaxPool receives a window size input array ksize with dimensions greater than its input tensor input, the GPU kernel gives a CHECK fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...
CVE-2021-41215
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for DeserializeSparse can trigger a null pointer dereference. This is because the shape inference function assumes that the serialize_sparse tensor is a tensor with positive rank (and having 3 ...
CVE-2021-41217
TensorFlow is an open source platform for machine learning. In affected versions the process of building the control flow graph for a TensorFlow model is vulnerable to a null pointer exception when nodes that should be paired are not. This occurs because the code assumes that the first node in the ...
CVE-2022-35968
TensorFlow is an open source platform for machine learning. The implementation of AvgPoolGrad does not fully validate the input orig_input_shape. This results in a CHECK failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 3a6ac52664c6c095aa2b1...
CVE-2022-35982
TensorFlow is an open source platform for machine learning. If SparseBincount is given inputs for indices, values, and dense_shape that do not make a valid sparse tensor, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 40ad...
CVE-2022-36001
TensorFlow is an open source platform for machine learning. When DrawBoundingBoxes receives an input boxes that is not of dtype float, it gives a CHECK fail that can trigger a denial of service attack. We have patched the issue in GitHub commit da0d65cdc1270038e72157ba35bf74b85d9bda11. The fix will...
CVE-2018-7576
Google TensorFlow 1.6.x and earlier is affected by: Null Pointer Dereference. The type of exploitation is: context-dependent.
CVE-2021-29512
TensorFlow is an end-to-end open source platform for machine learning. If the splits argument of RaggedBincount does not specify a valid SparseTensor(https://www.tensorflow.org/api_docs/python/tf/sparse/SparseTensor), then an attacker can trigger a heap buffer overflow. This will cause a read from ...
CVE-2021-41207
TensorFlow is an open source platform for machine learning. In affected versions the implementation of ParallelConcat misses some input validation and can produce a division by 0. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2...
CVE-2021-41219
TensorFlow is an open source platform for machine learning. In affected versions the code for sparse matrix multiplication is vulnerable to undefined behavior via binding a reference to nullptr. This occurs whenever the dimensions of a or b are 0 or less. In the case on one of these is 0, an empty ...
CVE-2021-41226
TensorFlow is an open source platform for machine learning. In affected versions the implementation of SparseBinCount is vulnerable to a heap OOB access. This is because of missing validation between the elements of the values argument and the shape of the sparse output. The fix will be included in...
CVE-2022-35969
TensorFlow is an open source platform for machine learning. The implementation of Conv2DBackpropInput requires input_sizes to be 4-dimensional. Otherwise, it gives a CHECK failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 50156d547b9a1da0144...
CVE-2020-26271
In affected versions of TensorFlow under certain cases, loading a saved model can result in accessing uninitialized memory while building the computation graph. The MakeEdge function creates an edge between one output tensor of the src node (given by output_index) and the input slot of the dst node...
CVE-2021-41209
TensorFlow is an open source platform for machine learning. In affected versions the implementations for convolution operators trigger a division by 0 if passed empty filter tensor arguments. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, Tens...
CVE-2022-35972
TensorFlow is an open source platform for machine learning. If QuantizedBiasAdd is given min_input, max_input, min_bias, max_bias tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759...
CVE-2022-35967
TensorFlow is an open source platform for machine learning. If QuantizedAdd is given min_input or max_input tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 49b3824d83af706df0ad07e4e677d88659756d89...
CVE-2022-35964
TensorFlow is an open source platform for machine learning. The implementation of BlockLSTMGradV2 does not fully validate its inputs. This results in a a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 2a458fc4866505be27c62f81474ecb2b87049...
CVE-2021-41201
TensorFlow is an open source platform for machine learning. In affeced versions during execution, EinsumHelper::ParseEquation() is supposed to set the flags in input_has_ellipsis vector and *output_has_ellipsis boolean to indicate whether there is ellipsis in the corresponding inputs and output. Ho...
CVE-2022-35981
TensorFlow is an open source platform for machine learning. FractionalMaxPoolGrad validates its inputs with CHECK failures instead of with returning errors. If it gets incorrectly sized inputs, the CHECK failure can be used to trigger a denial of service attack. We have patched the issue in GitHub ...
CVE-2025-0649
Incorrect JSON input stringification in Google's Tensorflow serving versions up to 2.18.0 allows for potentially unbounded recursion leading to server crash.
CVE-2021-41203
TensorFlow is an open source platform for machine learning. In affected versions an attacker can trigger undefined behavior, integer overflows, segfaults and CHECK-fail crashes if they can change saved checkpoints from outside of TensorFlow. This is because the checkpoints loading infrastructure is...
CVE-2021-41220
TensorFlow is an open source platform for machine learning. In affected versions the async implementation of CollectiveReduceV2 suffers from a memory leak and a use after free. This occurs due to the asynchronous computation and the fact that objects that have been std::move()d from are still acces...
CVE-2021-41224
TensorFlow is an open source platform for machine learning. In affected versions the implementation of SparseFillEmptyRows can be made to trigger a heap OOB access. This occurs whenever the size of indices does not match the size of values. The fix will be included in TensorFlow 2.7.0. We will also...
CVE-2023-33976
TensorFlow is an end-to-end open source platform for machine learning. array_ops.upper_bound causes a segfault when not given a rank 2 tensor. The fix will be included in TensorFlow 2.13 and will also cherrypick this commit on TensorFlow 2.12.
CVE-2022-35938
TensorFlow is an open source platform for machine learning. The GatherNd function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. This issue has been patc...
CVE-2020-26269
In TensorFlow release candidate versions 2.4.0rc*, the general implementation for matching filesystem paths to globbing pattern is vulnerable to an access out of bounds of the array holding the directories. There are multiple invariants and preconditions that are assumed by the parallel implementat...
CVE-2021-41211
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for QuantizeV2 can trigger a read outside of bounds of heap allocated array. This occurs whenever axis is a negative value less than -1. In this case, we are accessing data before the start of ...