tensorflow is vulnerable to denial of service (DoS) attacks. A malicious user is able to cause denial of service conditions by providing an input value that does not fit into an int64_t
through RangeSize
, causing the application to crash.
github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ops/math_ops.cc
github.com/tensorflow/tensorflow/commit/37e64539cd29fcfb814c4451152a60f5d107b0f0
github.com/tensorflow/tensorflow/commit/66ab838126f0b0dd8854276fbef00d10268268a3
github.com/tensorflow/tensorflow/commit/cbde246f3141301d2bd366790f50c5d87ed095e7
github.com/tensorflow/tensorflow/commit/d14d72d41c8c2a9dd12d6342f904db57b36ea4ec
github.com/tensorflow/tensorflow/pull/57339
github.com/tensorflow/tensorflow/pull/57340
github.com/tensorflow/tensorflow/pull/57341
github.com/tensorflow/tensorflow/security/advisories/GHSA-rh87-q4vg-m45j