tensorflow is vulnerable to Denial of Service (DoS) attacks. A malicious user is able to trigger a null pointer exception in the SummarizeArray
function when the parameter summarize
of tf.raw_ops.Print
is zero, leading to a segmentation fault, causing the application to crash.
github.com/advisories/GHSA-qjqc-vqcf-5qvj
github.com/tensorflow/tensorflow/commit/1e97069ff18542e4f3ac70005442902c1abec154
github.com/tensorflow/tensorflow/commit/6d423b8bcc9aa9f5554dc988c1c16d038b508df1
github.com/tensorflow/tensorflow/pull/59544
github.com/tensorflow/tensorflow/security/advisories/GHSA-qjqc-vqcf-5qvj