tensorflow is vulnerable to denial of service. The vulnerability exists in tensor_slice_writer.cc
and its respective header file because the dtypes are not properly checked when running Save
and SaveSlices
which allows an attacker to send unsupported dtypes causing an application crash.
github.com/tensorflow/tensorflow/commit/5dd7b86b84a864b834c6fa3d7f9f51c87efa99d4
github.com/tensorflow/tensorflow/commit/83b5ffedc044f71d8fb0a120ee47f4544f698ef3
github.com/tensorflow/tensorflow/commit/90d95116b5e97822b1b197af17f808a3f3c47a60
github.com/tensorflow/tensorflow/commit/dcfa6a6f797d17c542e9b5cb034e05f7dff1edb7
github.com/tensorflow/tensorflow/pull/57278
github.com/tensorflow/tensorflow/pull/57279
github.com/tensorflow/tensorflow/pull/57280
github.com/tensorflow/tensorflow/security/advisories/GHSA-m6vp-8q9j-whx4