TensorFlow is vulnerable to denial of service. The vulnerability exists because the library does not properly validate the inputs of the quantize ops, allowing an attacker to crash the application with a segmentation fault by passing a nonzero rank when `QuantizedInstanceNorm` is given `x_min` or `x_max` tensors.
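A caller-side guard for the condition described above, as an added example rather than TensorFlow's own fix: it rejects `x_min` and `x_max` values that are not rank 0 before they are handed to `QuantizedInstanceNorm`. The function names are hypothetical, and the code inspects plain Python values or any object with a `.shape` attribute without importing TensorFlow.

```python
def rank_of(value):
    """Return the tensor rank of a scalar, nested sequence, or array-like."""
    shape = getattr(value, "shape", None)
    if shape is not None:
        # Array-likes (NumPy arrays, tf.Tensor) report their own shape.
        return len(shape)
    rank = 0
    while isinstance(value, (list, tuple)):
        rank += 1
        if not value:
            # An empty sequence is still at least rank 1.
            break
        value = value[0]
    return rank


def check_range_inputs(x_min, x_max):
    """Validate the range inputs of QuantizedInstanceNorm (hypothetical helper).

    Returns (x_min, x_max) as floats when both are rank 0.
    Raises ValueError for any nonzero-rank or non-numeric value, so the
    request is refused in Python instead of reaching the native kernel.
    """
    checked = []
    for name, value in (("x_min", x_min), ("x_max", x_max)):
        rank = rank_of(value)
        if rank != 0:
            raise ValueError(f"{name} must be a scalar (rank 0), got rank {rank}")
        if isinstance(value, (str, bytes)):
            raise ValueError(f"{name} must be numeric, got {type(value).__name__}")
        try:
            checked.append(float(value))
        except (TypeError, ValueError) as exc:
            raise ValueError(f"{name} is not convertible to float") from exc
    return tuple(checked)


if __name__ == "__main__":
    # Constructed sample inputs: one valid pair, then malformed x_min values.
    print(check_range_inputs(0.0, 6.0))
    for bad in ([0.0], [[0.0, 1.0]], []):
        try:
            check_range_inputs(bad, 6.0)
        except ValueError as err:
            print("rejected:", err)
```

Call the guard wherever untrusted values are turned into op arguments, for example in a request handler in front of a served model.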
github.com/tensorflow/tensorflow/commit/4b4f8c9f33e8216331233e30cd27bc72b803ff1a
github.com/tensorflow/tensorflow/commit/6840ef99b35ee1d44de559002d3f86813ca9b8d4
github.com/tensorflow/tensorflow/commit/785d67a78a1d533759fcd2f5e8d6ef778de849e0
github.com/tensorflow/tensorflow/commit/ea48fdb5267bc82ea6756c1b81bde7e5efac8cfe
github.com/tensorflow/tensorflow/pull/57265
github.com/tensorflow/tensorflow/pull/57266
github.com/tensorflow/tensorflow/pull/57267
github.com/tensorflow/tensorflow/pull/57953
github.com/tensorflow/tensorflow/security/advisories/GHSA-g35r-369w-3fqp