TensorFlow is vulnerable to denial of service. An attacker can crash the application with a segmentation fault when `QuantizedAvgPool` (in `quantized_pooling_ops.cc`) is given `min_input` or `max_input` tensors of nonzero rank in eager mode.
github.com/tensorflow/tensorflow/commit/1a1d14ef96d8d2d2b19ec6df619742a0c35d149d
github.com/tensorflow/tensorflow/commit/55a2e6542687ca48cd5b43909a519545319a8863
github.com/tensorflow/tensorflow/commit/7cdf9d4d2083b739ec81cfdace546b0c99f50622
github.com/tensorflow/tensorflow/commit/94521ecd10ffa4c4d73787b30290825c0539bf33
github.com/tensorflow/tensorflow/pull/57347
github.com/tensorflow/tensorflow/pull/57348
github.com/tensorflow/tensorflow/pull/57352
github.com/tensorflow/tensorflow/pull/57953
github.com/tensorflow/tensorflow/security/advisories/GHSA-4w68-4x85-mjj9