TensorFlow is vulnerable to denial of service. The vulnerability exists due to the lack of input validation in the tf.raw_ops.QuantizedConv2D op in quantized_conv_ops.cc, resulting in a null pointer dereference that allows an attacker to crash the application by providing zero-sized inputs.
github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/quantized_conv_ops.cc
github.com/tensorflow/tensorflow/commit/0f0b080ecde4d3dfec158d6f60da34d5e31693c4
github.com/tensorflow/tensorflow/commit/18fdb48ca2d54bc00970b6cf9ce398e55f55b623
github.com/tensorflow/tensorflow/commit/59d2d8d7122e13d119300490914048d151da1787
github.com/tensorflow/tensorflow/commit/ce879bbc4e02aa5e49d6f323f6b9a57cfc1ee942
github.com/tensorflow/tensorflow/commit/efc6838db1b43626660ec428732fc3dd70c4bde5
github.com/tensorflow/tensorflow/pull/55898
github.com/tensorflow/tensorflow/pull/55899
github.com/tensorflow/tensorflow/pull/55900
github.com/tensorflow/tensorflow/pull/55901
github.com/tensorflow/tensorflow/releases/tag/v2.6.4
github.com/tensorflow/tensorflow/releases/tag/v2.7.2
github.com/tensorflow/tensorflow/releases/tag/v2.8.1
github.com/tensorflow/tensorflow/releases/tag/v2.9.0
github.com/tensorflow/tensorflow/releases/tag/v2.9.0-rc2
github.com/tensorflow/tensorflow/security/advisories/GHSA-pqhm-4wvf-2jg8