tensorflow is vulnerable to denial of service (DoS) attacks. A remote attacker is able to trigger a CHECK-fail
mechanism instead of returning a status by providing invalid number of arguments through FullTypeDef& t
to tensorflow::full_type::SubstituteFromAttrs
, causing an application crash.
github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ops/math_ops.cc
github.com/tensorflow/tensorflow/commit/6104f0d4091c260ce9352f9155f7e9b725eab012
github.com/tensorflow/tensorflow/commit/634b80a6ee614cee787befd371f31269911b0d19
github.com/tensorflow/tensorflow/commit/acde01943417fbaf6dac1fdee806eb9e33e746b0
github.com/tensorflow/tensorflow/pull/57336
github.com/tensorflow/tensorflow/pull/57413
github.com/tensorflow/tensorflow/security/advisories/GHSA-g468-qj8g-vcjc