TensorFlow is vulnerable to denial of service. An attacker can crash the application with a segmentation fault by supplying min_input or max_input tensors of nonzero rank to QuantizedAvgPool, which is implemented in quantized_pooling_ops.cc.
github.com/tensorflow/tensorflow/commit/49b3824d83af706df0ad07e4e677d88659756d89
github.com/tensorflow/tensorflow/commit/89104e563d186a5ef836bbebcc332892ba42c9c7
github.com/tensorflow/tensorflow/commit/9814beb2ae38986d69495068dda1bcccdb6e68d2
github.com/tensorflow/tensorflow/commit/f99e392807ad40d5901b4fb28beeb469f18ee92c
github.com/tensorflow/tensorflow/pull/57349
github.com/tensorflow/tensorflow/pull/57350
github.com/tensorflow/tensorflow/pull/57351
github.com/tensorflow/tensorflow/pull/57953
github.com/tensorflow/tensorflow/security/advisories/GHSA-v6h3-348g-6h5x