tensorflow is vulnerable to denial of service (DoS) attacks. A malicious user is able to cause denial of service conditions by providing the element_shape
in TensorListFromTensor
with a rank greater than one, which gives a CHECK
fail, triggering an application crash.
github.com/tensorflow/tensorflow/commit/3db59a042a38f4338aa207922fa2f476e000a6ee
github.com/tensorflow/tensorflow/commit/9d5a328b0a7ebbe79ef2414c0c6201ca1c19349c
github.com/tensorflow/tensorflow/commit/aeeb72b54b8c53b9392c0b8fb54672d07197e2f8
github.com/tensorflow/tensorflow/commit/df922d42d1c603245bc882550f64f7e59223dea7
github.com/tensorflow/tensorflow/pull/57316
github.com/tensorflow/tensorflow/pull/57317
github.com/tensorflow/tensorflow/pull/57318
github.com/tensorflow/tensorflow/security/advisories/GHSA-9v8w-xmr4-wgxp