tensorflow is vulnerable to denial of service. The vulnerability exists because the PrintOneDimV2
function of tensor.cc
does not properly convert char
values to bool
, allowing an attacker to cause an application crash.
github.com/tensorflow/tensorflow/blob/807cae8a807960fd7ac2313cde73a11fc15e7942/tensorflow/core/framework/tensor.cc#L1200-L1227
github.com/tensorflow/tensorflow/commit/1be743703279782a357adbf9b77dcb994fe8b508
github.com/tensorflow/tensorflow/commit/288cc53de7d06174be2412022da6bd52f7f1f70f
github.com/tensorflow/tensorflow/commit/408e4be1a25cb9d45499647e01fdb93be9d09a1a
github.com/tensorflow/tensorflow/commit/cb11273652b3bfb08ca3a67fd3f8417d011ec869
github.com/tensorflow/tensorflow/commit/e435225b4334a8e39226c9067425f2aab7f9fc31
github.com/tensorflow/tensorflow/security/advisories/GHSA-pf36-r9c6-h97j