Tensorflow@2.10.0 Security Vulnerabilities and Issues — Tensorflow@2.10.0 CVE List

Lucene search

GoogleTensorflow2.10.0

13 matches found

CVE•added 2022/11/18 10:15 p.m.•141 views

CVE-2022-41900

TensorFlow is an open source platform for machine learning. The security vulnerability results in FractionalMax(AVG)Pool with illegal pooling_ratio. Attackers using Tensorflow can exploit the vulnerability. They can access heap memory which is not in the control of user, leading to a crash or remot...

9.8CVSS8.6AI score0.01153EPSS

CVE•added 2022/12/06 10:15 p.m.•134 views

CVE-2022-41910

TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We have ...

9.1CVSS6.8AI score0.00159EPSS

CVE•added 2022/11/18 10:15 p.m.•97 views

CVE-2022-41909

TensorFlow is an open source platform for machine learning. An input encoded that is not a valid CompositeTensorVariant tensor will trigger a segfault in tf.raw_ops.CompositeTensorVariantToComponents. We have patched the issue in GitHub commits bf594d08d377dc6a3354d9fdb494b32d45f91971 and 660ce5a89...

7.5CVSS6.2AI score0.00307EPSS

CVE•added 2022/12/06 10:15 p.m.•89 views

CVE-2022-41902

9.1CVSS7.9AI score0.00205EPSS

CVE•added 2022/11/18 10:15 p.m.•81 views

CVE-2022-41911

TensorFlow is an open source platform for machine learning. When printing a tensor, we get it's data as a const char* array (since that's the underlying storage) and then we typecast it to the element type. However, conversions from char to bool are undefined if the char is not 0 or 1, so sanitizer...

7.5CVSS6.1AI score0.00067EPSS

CVE•added 2022/11/18 10:15 p.m.•79 views

CVE-2022-41885

TensorFlow is an open source platform for machine learning. When tf.raw_ops.FusedResizeAndPadConv2D is given a large tensor shape, it overflows. We have patched the issue in GitHub commit d66e1d568275e6a2947de97dca7a102a211e01ce. The fix will be included in TensorFlow 2.11. We will also cherrypick ...

7.5CVSS6.2AI score0.00086EPSS

CVE•added 2022/11/18 10:15 p.m.•76 views

CVE-2022-41887

TensorFlow is an open source platform for machine learning. tf.keras.losses.poisson receives a y_pred and y_true that are passed through functor::mul in BinaryOp. If the resulting dimensions overflow an int32, TensorFlow will crash due to a size mismatch during broadcast assignment. We have patched...

7.5CVSS6.3AI score0.00092EPSS

CVE•added 2022/11/18 10:15 p.m.•76 views

CVE-2022-41899

TensorFlow is an open source platform for machine learning. Inputs dense_features or example_state_data not of rank 2 will trigger a CHECK fail in SdcaOptimizer. We have patched the issue in GitHub commit 80ff197d03db2a70c6a111f97dcdacad1b0babfa. The fix will be included in TensorFlow 2.11. We will...

7.5CVSS6.2AI score0.00108EPSS

CVE•added 2022/11/18 10:15 p.m.•71 views

CVE-2022-41908

TensorFlow is an open source platform for machine learning. An input token that is not a UTF-8 bytestring will trigger a CHECK fail in tf.raw_ops.PyFunc. We have patched the issue in GitHub commit 9f03a9d3bafe902c1e6beb105b2f24172f238645. The fix will be included in TensorFlow 2.11. We will also ch...

7.5CVSS6.2AI score0.00198EPSS

CVE•added 2022/11/18 10:15 p.m.•70 views

CVE-2022-41880

TensorFlow is an open source platform for machine learning. When the BaseCandidateSamplerOp function receives a value in true_classes larger than range_max, a heap oob read occurs. We have patched the issue in GitHub commit b389f5c944cadfdfe599b3f1e4026e036f30d2d4. The fix will be included in Tenso...

9.1CVSS7.8AI score0.00103EPSS

CVE•added 2022/11/18 10:15 p.m.•69 views

CVE-2022-41886

TensorFlow is an open source platform for machine learning. When tf.raw_ops.ImageProjectiveTransformV2 is given a large output shape, it overflows. We have patched the issue in GitHub commit 8faa6ea692985dbe6ce10e1a3168e0bd60a723ba. The fix will be included in TensorFlow 2.11. We will also cherrypi...

7.5CVSS6.2AI score0.00086EPSS

CVE•added 2022/11/18 10:15 p.m.•64 views

CVE-2022-41884

TensorFlow is an open source platform for machine learning. If a numpy array is created with a shape such that one element is zero and the others sum to a large number, an error will be raised. We have patched the issue in GitHub commit 2b56169c16e375c521a3bc8ea658811cc0793784. The fix will be incl...

7.5CVSS6.1AI score0.00094EPSS

CVE•added 2022/11/18 9:15 p.m.•63 views

CVE-2022-41883

TensorFlow is an open source platform for machine learning. When ops that have specified input sizes receive a differing number of inputs, the executor will crash. We have patched the issue in GitHub commit f5381e0e10b5a61344109c1b7c174c68110f7629. The fix will be included in TensorFlow 2.11. We wi...

7.5CVSS7.1AI score0.00082EPSS