tensorflow is vulnerable to denial of service. The vulnerability exists in Compute
function of list_kernels.cc
because the it doesn’t properly handle the size of num_elements
which allows an attacker to provide more than one element causing an application crash.
github.com/tensorflow/tensorflow/blob/c8ba76d48567aed347508e0552a257641931024d/tensorflow/core/kernels/list_kernels.cc#L322-L325
github.com/tensorflow/tensorflow/commit/5a548647aabf509acc0f2b7df4d828180f9f8879
github.com/tensorflow/tensorflow/commit/60ed7ceb65dfc16d0b4b50ff59510e57a1552fa3
github.com/tensorflow/tensorflow/commit/66b0c02c2b401efb0cff629e5afdf57b88e05ebd
github.com/tensorflow/tensorflow/commit/7deee01cb4d362863e3a21f7d82d491dedd15fae
github.com/tensorflow/tensorflow/commit/b5f6fbfba76576202b72119897561e3bd4f179c7
github.com/tensorflow/tensorflow/pull/57344
github.com/tensorflow/tensorflow/pull/57345
github.com/tensorflow/tensorflow/pull/57346
github.com/tensorflow/tensorflow/pull/57464
github.com/tensorflow/tensorflow/security/advisories/GHSA-v5xg-3q2c-c2r4