TensorFlow is vulnerable to denial of service. The implementation of Dequantize does not validate the value of axis, which leads to an out-of-bounds access that allows an attacker to crash the system.
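The bound check whose absence is described above, shown as an added example; this is not TensorFlow's kernel and not code from the advisory. The function name dequantize_checked, the convention that -1 means "no axis", and the simplified 8-bit scaling formula are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <optional>
#include <vector>

// Simplified per-axis dequantization of 8-bit values (hypothetical helper,
// not TensorFlow's kernel). Returns std::nullopt instead of touching memory
// when the arguments are inconsistent.
std::optional<std::vector<float>> dequantize_checked(
    const std::vector<std::uint8_t>& input,
    const std::vector<std::size_t>& shape, int axis,
    const std::vector<float>& min_range,
    const std::vector<float>& max_range) {
  const int rank = static_cast<int>(shape.size());
  // Assumed convention: -1 means "per-tensor"; any other value must index
  // an existing dimension. Without the upper bound, shape[axis] below would
  // read past the end of the dimension array.
  if (axis < -1 || axis >= rank) return std::nullopt;

  std::size_t total = 1;
  for (std::size_t d : shape) total *= d;
  if (total != input.size()) return std::nullopt;

  // shape[axis] is only read after the bound check above.
  const std::size_t channels = (axis == -1) ? 1 : shape[axis];
  if (min_range.size() != channels || max_range.size() != channels)
    return std::nullopt;

  // Stride of the chosen axis = product of the dimensions after it.
  std::size_t inner = 1;
  for (int d = axis + 1; axis != -1 && d < rank; ++d) inner *= shape[d];

  std::vector<float> out(total);
  for (std::size_t i = 0; i < total; ++i) {
    const std::size_t c = (axis == -1) ? 0 : (i / inner) % channels;
    out[i] = min_range[c] + input[i] * (max_range[c] - min_range[c]) / 255.0f;
  }
  return out;
}
```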
github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/dequantize_op.cc#L92-L153
github.com/tensorflow/tensorflow/commit/23968a8bf65b009120c43b5ebcceaf52dbc9e943
github.com/tensorflow/tensorflow/pull/53880/commits/89f21a0a1fe320935a3c7c567b26a07384b95b65
github.com/tensorflow/tensorflow/pull/53881/commits/81156a5ad731c7dd2b2952c301e0f1d705e0dd14
github.com/tensorflow/tensorflow/pull/53882/commits/0e152251b3ce5e98745569d78f604f282a75d19c
github.com/tensorflow/tensorflow/security/advisories/GHSA-23hm-7w47-xw72