tensorflow is vulnerable to denial of service. The vulnerability exists in the BincountOp
function in bincount_op.cc
due to check fail inDenseBincount
which allows an attacker to cause an application crash by providing malicious input.
github.com/advisories/GHSA-w62h-8xjm-fv49
github.com/tensorflow/tensorflow/commit/3663d57c244d8878c79f5d2aaa29fa7646ec3e38
github.com/tensorflow/tensorflow/commit/425af2ea03ec37735f5dd87b0389a7045a225cdf
github.com/tensorflow/tensorflow/commit/8018bb9471fc439e8e4339de1097cd5d7bc0f77f
github.com/tensorflow/tensorflow/commit/bf4c14353c2328636a18bfad1e151052c81d5f43
github.com/tensorflow/tensorflow/pull/57433
github.com/tensorflow/tensorflow/pull/57434
github.com/tensorflow/tensorflow/pull/57435
github.com/tensorflow/tensorflow/security/advisories/GHSA-w62h-8xjm-fv49