tensorflow is vulnerable to denial of service. An attacker can crash the application through the GraphDef
in tensorflow SavedModel
by providing an invalid argument to ctor_type
.
github.com/tensorflow/tensorflow/blob/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/core/graph/graph.cc#L560-L567
github.com/tensorflow/tensorflow/commit/94c748eebe366adef4c0d47bbb7348dcc0d5433d
github.com/tensorflow/tensorflow/commit/955059813cc325dc1db5e2daa6221271406d4439
github.com/tensorflow/tensorflow/commit/ae7976631d87dfad52f8971369d14067447d1c02
github.com/tensorflow/tensorflow/commit/b49a624c0692a5688c29062abab600bb6e8568e1
github.com/tensorflow/tensorflow/security/advisories/GHSA-pqrv-8r2f-7278