| Fixing_vulnerabilities |
| 0 |
| url |
VCID-11qd-d7c7-sbdm |
| vulnerability_id |
VCID-11qd-d7c7-sbdm |
| summary |
Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `ConcatV2` can be used to trigger a denial of service attack via a segfault caused by a type confusion. The `axis` argument is translated into `concat_dim` in the `ConcatShapeHelper` helper function. Then, a value for `min_rank` is computed based on `concat_dim`. This is then used to validate that the `values` tensor has at least the required rank. However, `WithRankAtLeast` receives the lower bound as a 64-bits value and then compares it against the maximum 32-bits integer value that could be represented. Due to the fact that `min_rank` is a 32-bits value and the value of `axis`, the `rank` argument is a negative value, so the error check is bypassed. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
| references |
|
| fixed_packages |
|
| aliases |
BIT-tensorflow-2022-21731, CVE-2022-21731, GHSA-m4hf-j54p-p353, PYSEC-2022-110, PYSEC-2022-55
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-11qd-d7c7-sbdm |
|
| 1 |
| url |
VCID-145d-k5w3-tfgz |
| vulnerability_id |
VCID-145d-k5w3-tfgz |
| summary |
Tensorflow is an Open Source Machine Learning Framework. The implementations of `Sparse*Cwise*` ops are vulnerable to integer overflows. These can be used to trigger large allocations (so, OOM based denial of service) or `CHECK`-fails when building new `TensorShape` objects (so, assert failures based denial of service). We are missing some validation on the shapes of the input tensors as well as directly constructing a large `TensorShape` with user-provided dimensions. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
| references |
|
| fixed_packages |
|
| aliases |
BIT-tensorflow-2022-23567, CVE-2022-23567, GHSA-rrx2-r989-2c43, PYSEC-2022-131, PYSEC-2022-76
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-145d-k5w3-tfgz |
|
| 2 |
| url |
VCID-15nt-6tff-k7gb |
| vulnerability_id |
VCID-15nt-6tff-k7gb |
| summary |
Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow is vulnerable to an integer overflow during cost estimation for crop and resize. Since the cropping parameters are user controlled, a malicious person can trigger undefined behavior. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
| references |
|
| fixed_packages |
|
| aliases |
BIT-tensorflow-2022-23587, CVE-2022-23587, GHSA-8jj7-5vxc-pg2q, PYSEC-2022-151, PYSEC-2022-96
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-15nt-6tff-k7gb |
|
| 3 |
| url |
VCID-1ah5-hm7a-ykep |
| vulnerability_id |
VCID-1ah5-hm7a-ykep |
| summary |
Tensorflow is an Open Source Machine Learning Framework. The implementation of `FractionalAvgPoolGrad` does not consider cases where the input tensors are invalid allowing an attacker to read from outside of bounds of heap. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
| references |
|
| fixed_packages |
|
| aliases |
BIT-tensorflow-2022-21730, CVE-2022-21730, GHSA-vjg4-v33c-ggc4, PYSEC-2022-109, PYSEC-2022-54
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1ah5-hm7a-ykep |
|
| 4 |
| url |
VCID-39ck-bm9t-kqhs |
| vulnerability_id |
VCID-39ck-bm9t-kqhs |
| summary |
Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would trigger a division by zero in `BiasAndClamp` implementation. There is no check that the `bias_size` is non zero. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
| references |
|
| fixed_packages |
|
| aliases |
BIT-tensorflow-2022-23557, CVE-2022-23557, GHSA-gf2j-f278-xh4v, PYSEC-2022-121, PYSEC-2022-66
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-39ck-bm9t-kqhs |
|
| 5 |
| url |
VCID-3czq-3twf-skcg |
| vulnerability_id |
VCID-3czq-3twf-skcg |
| summary |
Tensorflow is an Open Source Machine Learning Framework. The implementation of `AssignOp` can result in copying uninitialized data to a new tensor. This later results in undefined behavior. The implementation has a check that the left hand side of the assignment is initialized (to minimize number of allocations), but does not check that the right hand side is also initialized. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
| references |
|
| fixed_packages |
|
| aliases |
BIT-tensorflow-2022-23573, CVE-2022-23573, GHSA-q85f-69q7-55h2, PYSEC-2022-137, PYSEC-2022-82
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3czq-3twf-skcg |
|
| 6 |
| url |
VCID-3g5a-5csn-h3d9 |
| vulnerability_id |
VCID-3g5a-5csn-h3d9 |
| summary |
Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that Grappler optimizer would attempt to build a tensor using a reference `dtype`. This would result in a crash due to a `CHECK`-fail in the `Tensor` constructor as reference types are not allowed. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
| references |
|
| fixed_packages |
|
| aliases |
BIT-tensorflow-2022-23588, CVE-2022-23588, GHSA-fx5c-h9f6-rv7c, PYSEC-2022-152, PYSEC-2022-97
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3g5a-5csn-h3d9 |
|
| 7 |
| url |
VCID-466y-e26r-rka4 |
| vulnerability_id |
VCID-466y-e26r-rka4 |
| summary |
Tensorflow is an Open Source Machine Learning Framework. When building an XLA compilation cache, if default settings are used, TensorFlow triggers a null pointer dereference. In the default scenario, all devices are allowed, so `flr->config_proto` is `nullptr`. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
| references |
|
| fixed_packages |
|
| aliases |
BIT-tensorflow-2022-23595, CVE-2022-23595, GHSA-fpcp-9h7m-ffpx, PYSEC-2022-103, PYSEC-2022-158
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-466y-e26r-rka4 |
|
| 8 |
| url |
VCID-5tpp-sf62-zycs |
| vulnerability_id |
VCID-5tpp-sf62-zycs |
| summary |
Tensorflow is an Open Source Machine Learning Framework. In multiple places, TensorFlow uses `tempfile.mktemp` to create temporary files. While this is acceptable in testing, in utilities and libraries it is dangerous as a different process can create the file between the check for the filename in `mktemp` and the actual creation of the file by a subsequent operation (a TOC/TOU type of weakness). In several instances, TensorFlow was supposed to actually create a temporary directory instead of a file. This logic bug is hidden away by the `mktemp` function usage. We have patched the issue in several commits, replacing `mktemp` with the safer `mkstemp`/`mkdtemp` functions, according to the usage pattern. Users are advised to upgrade as soon as possible. |
| references |
|
| fixed_packages |
|
| aliases |
BIT-tensorflow-2022-23563, CVE-2022-23563, GHSA-wc4g-r73w-x8mm, PYSEC-2022-127, PYSEC-2022-72
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5tpp-sf62-zycs |
|
| 9 |
| url |
VCID-6888-uhtp-8ub6 |
| vulnerability_id |
VCID-6888-uhtp-8ub6 |
| summary |
Tensorflow is an Open Source Machine Learning Framework. The implementation of `*Bincount` operations allows malicious users to cause denial of service by passing in arguments which would trigger a `CHECK`-fail. There are several conditions that the input arguments must satisfy. Some are not caught during shape inference and others are not caught during kernel implementation. This results in `CHECK` failures later when the output tensors get allocated. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
| references |
|
| fixed_packages |
|
| aliases |
BIT-tensorflow-2022-21737, CVE-2022-21737, GHSA-f2vv-v9cg-qhh7, PYSEC-2022-116, PYSEC-2022-61
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6888-uhtp-8ub6 |
|
| 10 |
| url |
VCID-6gnj-az99-h7b4 |
| vulnerability_id |
VCID-6gnj-az99-h7b4 |
| summary |
Tensorflow is an Open Source Machine Learning Framework. The implementation of `FractionalMaxPool` can be made to crash a TensorFlow process via a division by 0. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
| references |
|
| fixed_packages |
|
| aliases |
BIT-tensorflow-2022-21735, CVE-2022-21735, GHSA-87v6-crgm-2gfj, PYSEC-2022-114, PYSEC-2022-59
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6gnj-az99-h7b4 |
|
| 11 |
| url |
VCID-83pe-ztey-dbf4 |
| vulnerability_id |
VCID-83pe-ztey-dbf4 |
| summary |
Tensorflow is an Open Source Machine Learning Framework. Multiple operations in TensorFlow can be used to trigger a denial of service via `CHECK`-fails (i.e., assertion failures). This is similar to TFSA-2021-198 and has similar fixes. We have patched the reported issues in multiple GitHub commits. It is possible that other similar instances exist in TensorFlow, we will issue fixes as these are discovered. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
| references |
|
| fixed_packages |
|
| aliases |
BIT-tensorflow-2022-23569, CVE-2022-23569, GHSA-qj5r-f9mv-rffh, PYSEC-2022-133, PYSEC-2022-78
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-83pe-ztey-dbf4 |
|
| 12 |
| url |
VCID-97cs-4kx3-37gm |
| vulnerability_id |
VCID-97cs-4kx3-37gm |
| summary |
Tensorflow is an Open Source Machine Learning Framework. The implementation of `StringNGrams` can be used to trigger a denial of service attack by causing an out of memory condition after an integer overflow. We are missing a validation on `pad_witdh` and that result in computing a negative value for `ngram_width` which is later used to allocate parts of the output. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
| references |
|
| fixed_packages |
|
| aliases |
BIT-tensorflow-2022-21733, CVE-2022-21733, GHSA-98j8-c9q4-r38g, PYSEC-2022-112, PYSEC-2022-57
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-97cs-4kx3-37gm |
|
| 13 |
| url |
VCID-9arh-a8wj-wka6 |
| vulnerability_id |
VCID-9arh-a8wj-wka6 |
| summary |
Tensorflow is an Open Source Machine Learning Framework. The implementation of `MapStage` is vulnerable a `CHECK`-fail if the key tensor is not a scalar. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
| references |
|
| fixed_packages |
|
| aliases |
BIT-tensorflow-2022-21734, CVE-2022-21734, GHSA-gcvh-66ff-4mwm, PYSEC-2022-113, PYSEC-2022-58
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9arh-a8wj-wka6 |
|
| 14 |
| url |
VCID-akmu-fas1-33h6 |
| vulnerability_id |
VCID-akmu-fas1-33h6 |
| summary |
Tensorflow is an Open Source Machine Learning Framework. ### Impact An attacker can craft a TFLite model that would trigger a division by zero in the implementation of depthwise convolutions. The parameters of the convolution can be user controlled and are also used within a division operation to determine the size of the padding that needs to be added before applying the convolution. There is no check before this division that the divisor is strictly positive. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
| references |
|
| fixed_packages |
|
| aliases |
BIT-tensorflow-2022-21741, CVE-2022-21741, GHSA-428x-9xc2-m8mj, PYSEC-2022-120, PYSEC-2022-65
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-akmu-fas1-33h6 |
|
| 15 |
| url |
VCID-axj7-aq9m-rqdu |
| vulnerability_id |
VCID-axj7-aq9m-rqdu |
| summary |
Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, a TensorFlow process can encounter cases where a `CHECK` assertion is invalidated based on user controlled arguments, if the tensors have an invalid `dtype` and 0 elements or an invalid shape. This allows attackers to cause denial of services in TensorFlow processes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
| references |
|
| fixed_packages |
|
| aliases |
BIT-tensorflow-2022-23571, CVE-2022-23571, GHSA-j3mj-fhpq-qqjj, PYSEC-2022-135, PYSEC-2022-80
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-axj7-aq9m-rqdu |
|
| 16 |
| url |
VCID-ccv1-pgda-r7ba |
| vulnerability_id |
VCID-ccv1-pgda-r7ba |
| summary |
Tensorflow is an Open Source Machine Learning Framework. TensorFlow is vulnerable to a heap OOB write in `Grappler`. The `set_output` function writes to an array at the specified index. Hence, this gives a malicious user a write primitive. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
| references |
|
| fixed_packages |
|
| aliases |
BIT-tensorflow-2022-23566, CVE-2022-23566, GHSA-5qw5-89mw-wcg2, PYSEC-2022-130, PYSEC-2022-75
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ccv1-pgda-r7ba |
|
| 17 |
| url |
VCID-cwvm-wntu-tfck |
| vulnerability_id |
VCID-cwvm-wntu-tfck |
| summary |
Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a `SavedModel` such that `SafeToRemoveIdentity` would trigger `CHECK` failures. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
| references |
|
| fixed_packages |
|
| aliases |
BIT-tensorflow-2022-23579, CVE-2022-23579, GHSA-5f2r-qp73-37mr, PYSEC-2022-143, PYSEC-2022-88
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-cwvm-wntu-tfck |
|
| 18 |
| url |
VCID-d3dc-su6w-s3ag |
| vulnerability_id |
VCID-d3dc-su6w-s3ag |
| summary |
Tensorflow is an Open Source Machine Learning Framework. The implementation of `Dequantize` does not fully validate the value of `axis` and can result in heap OOB accesses. The `axis` argument can be `-1` (the default value for the optional argument) or any other positive value at most the number of dimensions of the input. Unfortunately, the upper bound is not checked and this results in reading past the end of the array containing the dimensions of the input tensor. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
| references |
|
| fixed_packages |
|
| aliases |
BIT-tensorflow-2022-21726, CVE-2022-21726, GHSA-23hm-7w47-xw72, PYSEC-2022-105, PYSEC-2022-50
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-d3dc-su6w-s3ag |
|
| 19 |
| url |
VCID-egc6-6pwr-fyej |
| vulnerability_id |
VCID-egc6-6pwr-fyej |
| summary |
Tensorflow is an Open Source Machine Learning Framework. The implementation of `GetInitOp` is vulnerable to a crash caused by dereferencing a null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
| references |
|
| fixed_packages |
|
| aliases |
BIT-tensorflow-2022-23577, CVE-2022-23577, GHSA-8cxv-76p7-jxwr, PYSEC-2022-141, PYSEC-2022-86
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-egc6-6pwr-fyej |
|
| 20 |
| url |
VCID-en5f-xtha-cyhp |
| vulnerability_id |
VCID-en5f-xtha-cyhp |
| summary |
Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that assertions in `function.cc` would be falsified and crash the Python interpreter. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
| references |
|
| fixed_packages |
|
| aliases |
BIT-tensorflow-2022-23586, CVE-2022-23586, GHSA-43jf-985q-588j, PYSEC-2022-150, PYSEC-2022-95
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-en5f-xtha-cyhp |
|
| 21 |
| url |
VCID-ev23-kazv-nkas |
| vulnerability_id |
VCID-ev23-kazv-nkas |
| summary |
Tensorflow is an Open Source Machine Learning Framework. The implementation of `OpLevelCostEstimator::CalculateTensorSize` is vulnerable to an integer overflow if an attacker can create an operation which would involve a tensor with large enough number of elements. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
| references |
|
| fixed_packages |
|
| aliases |
BIT-tensorflow-2022-23575, CVE-2022-23575, GHSA-c94w-c95p-phf8, PYSEC-2022-139, PYSEC-2022-84
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ev23-kazv-nkas |
|
| 22 |
| url |
VCID-ev84-gxjn-6bf1 |
| vulnerability_id |
VCID-ev84-gxjn-6bf1 |
| summary |
Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulnerable to an integer overflow weakness. The `axis` argument can be `-1` (the default value for the optional argument) or any other positive value at most the number of dimensions of the input. Unfortunately, the upper bound is not checked, and, since the code computes `axis + 1`, an attacker can trigger an integer overflow. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
| references |
|
| fixed_packages |
|
| aliases |
BIT-tensorflow-2022-21727, CVE-2022-21727, GHSA-c6fh-56w7-fvjw, PYSEC-2022-106, PYSEC-2022-51
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ev84-gxjn-6bf1 |
|
| 23 |
| url |
VCID-eyqx-7k24-zfhq |
| vulnerability_id |
VCID-eyqx-7k24-zfhq |
| summary |
Tensorflow is an Open Source Machine Learning Framework. The implementation of `SparseCountSparseOutput` can be made to crash a TensorFlow process by an integer overflow whose result is then used in a memory allocation. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
| references |
|
| fixed_packages |
|
| aliases |
BIT-tensorflow-2022-21738, CVE-2022-21738, GHSA-x4qx-4fjv-hmw6, PYSEC-2022-117, PYSEC-2022-62
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-eyqx-7k24-zfhq |
|
| 24 |
| url |
VCID-f25m-udat-n3fd |
| vulnerability_id |
VCID-f25m-udat-n3fd |
| summary |
Tensorflow is an Open Source Machine Learning Framework. The implementation of `Range` suffers from integer overflows. These can trigger undefined behavior or, in some scenarios, extremely large allocations. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
| references |
|
| fixed_packages |
|
| aliases |
BIT-tensorflow-2022-23562, CVE-2022-23562, GHSA-qx3f-p745-w4hr, PYSEC-2022-126, PYSEC-2022-71
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-f25m-udat-n3fd |
|
| 25 |
| url |
VCID-f3cx-k63z-7qde |
| vulnerability_id |
VCID-f3cx-k63z-7qde |
| summary |
Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both `embedding_size` and `lookup_size` are products of values provided by the user. Hence, a malicious user could trigger overflows in the multiplication. In certain scenarios, this can then result in heap OOB read/write. Users are advised to upgrade to a patched version. |
| references |
|
| fixed_packages |
|
| aliases |
BIT-tensorflow-2022-23559, CVE-2022-23559, GHSA-98p5-x8x4-c9m5, PYSEC-2022-123, PYSEC-2022-68
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-f3cx-k63z-7qde |
|
| 26 |
| url |
VCID-fggx-3rzd-8kf5 |
| vulnerability_id |
VCID-fggx-3rzd-8kf5 |
| summary |
Tensorflow is an Open Source Machine Learning Framework. When decoding PNG images TensorFlow can produce a memory leak if the image is invalid. After calling `png::CommonInitDecode(..., &decode)`, the `decode` value contains allocated buffers which can only be freed by calling `png::CommonFreeDecode(&decode)`. However, several error case in the function implementation invoke the `OP_REQUIRES` macro which immediately terminates the execution of the function, without allowing for the memory free to occur. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
| references |
|
| fixed_packages |
|
| aliases |
BIT-tensorflow-2022-23585, CVE-2022-23585, GHSA-fq6p-6334-8gr4, PYSEC-2022-149, PYSEC-2022-94
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fggx-3rzd-8kf5 |
|
| 27 |
| url |
VCID-g8er-52ns-j7b1 |
| vulnerability_id |
VCID-g8er-52ns-j7b1 |
| summary |
Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `ReverseSequence` does not fully validate the value of `batch_dim` and can result in a heap OOB read. There is a check to make sure the value of `batch_dim` does not go over the rank of the input, but there is no check for negative values. Negative dimensions are allowed in some cases to mimic Python's negative indexing (i.e., indexing from the end of the array), however if the value is too negative then the implementation of `Dim` would access elements before the start of an array. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
| references |
|
| fixed_packages |
|
| aliases |
BIT-tensorflow-2022-21728, CVE-2022-21728, GHSA-6gmv-pjp9-p8w8, PYSEC-2022-107, PYSEC-2022-52
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-g8er-52ns-j7b1 |
|
| 28 |
| url |
VCID-g8ts-ghhv-33e3 |
| vulnerability_id |
VCID-g8ts-ghhv-33e3 |
| summary |
Tensorflow is an Open Source Machine Learning Framework. During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
| references |
|
| fixed_packages |
|
| aliases |
BIT-tensorflow-2022-23580, CVE-2022-23580, GHSA-627q-g293-49q7, PYSEC-2022-144, PYSEC-2022-89
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-g8ts-ghhv-33e3 |
|
| 29 |
| url |
VCID-gg98-zkw8-5ben |
| vulnerability_id |
VCID-gg98-zkw8-5ben |
| summary |
Tensorflow is an Open Source Machine Learning Framework. The estimator for the cost of some convolution operations can be made to execute a division by 0. The function fails to check that the stride argument is strictly positive. Hence, the fix is to add a check for the stride argument to ensure it is valid. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
| references |
|
| fixed_packages |
|
| aliases |
BIT-tensorflow-2022-21725, CVE-2022-21725, GHSA-v3f7-j968-4h5f, PYSEC-2022-104, PYSEC-2022-49
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gg98-zkw8-5ben |
|
| 30 |
| url |
VCID-hujj-6vv2-u3c2 |
| vulnerability_id |
VCID-hujj-6vv2-u3c2 |
| summary |
Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that any binary op would trigger `CHECK` failures. This occurs when the protobuf part corresponding to the tensor arguments is modified such that the `dtype` no longer matches the `dtype` expected by the op. In that case, calling the templated binary operator for the binary op would receive corrupted data, due to the type confusion involved. If `Tin` and `Tout` don't match the type of data in `out` and `input_*` tensors then `flat<*>` would interpret it wrongly. In most cases, this would be a silent failure, but we have noticed scenarios where this results in a `CHECK` crash, hence a denial of service. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
| references |
|
| fixed_packages |
|
| aliases |
BIT-tensorflow-2022-23583, CVE-2022-23583, GHSA-gjqc-q9g6-q2j3, PYSEC-2022-147, PYSEC-2022-92
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hujj-6vv2-u3c2 |
|
| 31 |
| url |
VCID-jdud-ufqp-4yg5 |
| vulnerability_id |
VCID-jdud-ufqp-4yg5 |
| summary |
Tensorflow is an Open Source Machine Learning Framework. The `GraphDef` format in TensorFlow does not allow self recursive functions. The runtime assumes that this invariant is satisfied. However, a `GraphDef` containing a fragment such as the following can be consumed when loading a `SavedModel`. This would result in a stack overflow during execution as resolving each `NodeDef` means resolving the function itself and its nodes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
| references |
|
| fixed_packages |
|
| aliases |
BIT-tensorflow-2022-23591, CVE-2022-23591, GHSA-247x-2f9f-5wp7, PYSEC-2022-100, PYSEC-2022-155
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jdud-ufqp-4yg5 |
|
| 32 |
| url |
VCID-ky4u-eny7-33fy |
| vulnerability_id |
VCID-ky4u-eny7-33fy |
| summary |
Tensorflow is an Open Source Machine Learning Framework. The implementation of `UnravelIndex` is vulnerable to a division by zero caused by an integer overflow bug. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
| references |
|
| fixed_packages |
|
| aliases |
BIT-tensorflow-2022-21729, CVE-2022-21729, GHSA-34f9-hjfq-rr8j, PYSEC-2022-108, PYSEC-2022-53
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ky4u-eny7-33fy |
|
| 33 |
| url |
VCID-m4na-tgrp-d7fk |
| vulnerability_id |
VCID-m4na-tgrp-d7fk |
| summary |
Tensorflow is an Open Source Machine Learning Framework. The implementation of `OpLevelCostEstimator::CalculateOutputSize` is vulnerable to an integer overflow if an attacker can create an operation which would involve tensors with large enough number of elements. We can have a large enough number of dimensions in `output_shape.dim()` or just a small number of dimensions being large enough to cause an overflow in the multiplication. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
| references |
|
| fixed_packages |
|
| aliases |
BIT-tensorflow-2022-23576, CVE-2022-23576, GHSA-wm93-f238-7v37, PYSEC-2022-140, PYSEC-2022-85
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-m4na-tgrp-d7fk |
|
| 34 |
| url |
VCID-mtqg-yga8-eqeu |
| vulnerability_id |
VCID-mtqg-yga8-eqeu |
| summary |
Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a `SavedModel` such that `IsSimplifiableReshape` would trigger `CHECK` failures. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
| references |
|
| fixed_packages |
|
| aliases |
BIT-tensorflow-2022-23581, CVE-2022-23581, GHSA-fq86-3f29-px2c, PYSEC-2022-145, PYSEC-2022-90
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mtqg-yga8-eqeu |
|
| 35 |
| url |
VCID-n62z-1akp-ebck |
| vulnerability_id |
VCID-n62z-1akp-ebck |
| summary |
Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a use after free behavior when decoding PNG images. After `png::CommonFreeDecode(&decode)` gets called, the values of `decode.width` and `decode.height` are in an unspecified state. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
| references |
|
| fixed_packages |
|
| aliases |
BIT-tensorflow-2022-23584, CVE-2022-23584, GHSA-24x4-6qmh-88qg, PYSEC-2022-148, PYSEC-2022-93
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-n62z-1akp-ebck |
|
| 36 |
| url |
VCID-ngkq-s26c-qkfj |
| vulnerability_id |
VCID-ngkq-s26c-qkfj |
| summary |
Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow can trigger a null pointer dereference. There are 2 places where this can occur, for the same malicious alteration of a `SavedModel` file (fixing the first one would trigger the same dereference in the second place). First, during constant folding, the `GraphDef` might not have the required nodes for the binary operation. If a node is missing, the correposning `mul_*child` would be null, and the dereference in the subsequent line would be incorrect. We have a similar issue during `IsIdentityConsumingSwitch`. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
| references |
|
| fixed_packages |
|
| aliases |
BIT-tensorflow-2022-23589, CVE-2022-23589, GHSA-9px9-73fg-3fqp, PYSEC-2022-153, PYSEC-2022-98
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ngkq-s26c-qkfj |
|
| 37 |
| url |
VCID-pe9p-a7nn-8bhj |
| vulnerability_id |
VCID-pe9p-a7nn-8bhj |
| summary |
Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that `TensorByteSize` would trigger `CHECK` failures. `TensorShape` constructor throws a `CHECK`-fail if shape is partial or has a number of elements that would overflow the size of an `int`. The `PartialTensorShape` constructor instead does not cause a `CHECK`-abort if the shape is partial, which is exactly what this function needs to be able to return `-1`. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
| references |
|
| fixed_packages |
|
| aliases |
BIT-tensorflow-2022-23582, CVE-2022-23582, GHSA-4j82-5ccr-4r8v, PYSEC-2022-146, PYSEC-2022-91
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pe9p-a7nn-8bhj |
|
| 38 |
| url |
VCID-q4zv-syab-bbh8 |
| vulnerability_id |
VCID-q4zv-syab-bbh8 |
| summary |
Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in `TfLiteIntArrayCreate`. The `TfLiteIntArrayGetSizeInBytes` returns an `int` instead of a `size_t. An attacker can control model inputs such that `computed_size` overflows the size of `int` datatype. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
| references |
|
| fixed_packages |
|
| aliases |
BIT-tensorflow-2022-23558, CVE-2022-23558, GHSA-9gwq-6cwj-47h3, PYSEC-2022-122, PYSEC-2022-67
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-q4zv-syab-bbh8 |
|
| 39 |
| url |
VCID-qgr6-bqrc-puhs |
| vulnerability_id |
VCID-qgr6-bqrc-puhs |
| summary |
Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would allow limited reads and writes outside of arrays in TFLite. This exploits missing validation in the conversion from sparse tensors to dense tensors. The fix is included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. Users are advised to upgrade as soon as possible. |
| references |
|
| fixed_packages |
|
| aliases |
BIT-tensorflow-2022-23560, CVE-2022-23560, GHSA-4hvf-hxvg-f67v, PYSEC-2022-124, PYSEC-2022-69
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qgr6-bqrc-puhs |
|
| 40 |
| url |
VCID-qxqd-f1bw-y7h4 |
| vulnerability_id |
VCID-qxqd-f1bw-y7h4 |
| summary |
Tensorflow is an Open Source Machine Learning Framework. The implementation of `ThreadPoolHandle` can be used to trigger a denial of service attack by allocating too much memory. This is because the `num_threads` argument is only checked to not be negative, but there is no upper bound on its value. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
| references |
|
| fixed_packages |
|
| aliases |
BIT-tensorflow-2022-21732, CVE-2022-21732, GHSA-c582-c96p-r5cq, PYSEC-2022-111, PYSEC-2022-56
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qxqd-f1bw-y7h4 |
|
| 41 |
| url |
VCID-rsau-jvcr-uudd |
| vulnerability_id |
VCID-rsau-jvcr-uudd |
| summary |
Tensorflow is an Open Source Machine Learning Framework. The implementation of `SparseTensorSliceDataset` has an undefined behavior: under certain condition it can be made to dereference a `nullptr` value. The 3 input arguments to `SparseTensorSliceDataset` represent a sparse tensor. However, there are some preconditions that these arguments must satisfy but these are not validated in the implementation. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
| references |
|
| fixed_packages |
|
| aliases |
BIT-tensorflow-2022-21736, CVE-2022-21736, GHSA-pfjj-m3jj-9jc9, PYSEC-2022-115, PYSEC-2022-60
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rsau-jvcr-uudd |
|
| 42 |
| url |
VCID-ugta-nt2s-27fk |
| vulnerability_id |
VCID-ugta-nt2s-27fk |
| summary |
Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a type during shape inference. This case is covered by the `DCHECK` function however, `DCHECK` is a no-op in production builds and an assertion failure in debug builds. In the first case execution proceeds to the `ValueOrDie` line. This results in an assertion failure as `ret` contains an error `Status`, not a value. In the second case we also get a crash due to the assertion failure. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range. |
| references |
|
| fixed_packages |
|
| aliases |
BIT-tensorflow-2022-23572, CVE-2022-23572, GHSA-rww7-2gpw-fv6j, PYSEC-2022-136, PYSEC-2022-81
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ugta-nt2s-27fk |
|
| 43 |
| url |
VCID-v2nf-1526-nkbp |
| vulnerability_id |
VCID-v2nf-1526-nkbp |
| summary |
Tensorflow is an Open Source Machine Learning Framework. An attacker can trigger denial of service via assertion failure by altering a `SavedModel` on disk such that `AttrDef`s of some operation are duplicated. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
| references |
|
| fixed_packages |
|
| aliases |
BIT-tensorflow-2022-23565, CVE-2022-23565, GHSA-4v5p-v5h9-6xjx, PYSEC-2022-129, PYSEC-2022-74
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-v2nf-1526-nkbp |
|
| 44 |
| url |
VCID-vfgz-fss4-wbgu |
| vulnerability_id |
VCID-vfgz-fss4-wbgu |
| summary |
Tensorflow is an Open Source Machine Learning Framework. There is a typo in TensorFlow's `SpecializeType` which results in heap OOB read/write. Due to a typo, `arg` is initialized to the `i`th mutable argument in a loop where the loop index is `j`. Hence it is possible to assign to `arg` from outside the vector of arguments. Since this is a mutable proto value, it allows both read and write to outside of bounds data. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range. |
| references |
|
| fixed_packages |
|
| aliases |
BIT-tensorflow-2022-23574, CVE-2022-23574, GHSA-77gp-3h4r-6428, PYSEC-2022-138, PYSEC-2022-83
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vfgz-fss4-wbgu |
|
| 45 |
| url |
VCID-vgv7-xc3c-1fb3 |
| vulnerability_id |
VCID-vgv7-xc3c-1fb3 |
| summary |
Tensorflow is an Open Source Machine Learning Framework. When decoding a resource handle tensor from protobuf, a TensorFlow process can encounter cases where a `CHECK` assertion is invalidated based on user controlled arguments. This allows attackers to cause denial of services in TensorFlow processes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
| references |
|
| fixed_packages |
|
| aliases |
BIT-tensorflow-2022-23564, CVE-2022-23564, GHSA-8rcj-c8pj-v3m3, PYSEC-2022-128, PYSEC-2022-73
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vgv7-xc3c-1fb3 |
|
| 46 |
| url |
VCID-vnn5-y8ez-rub9 |
| vulnerability_id |
VCID-vnn5-y8ez-rub9 |
| summary |
Tensorflow is an Open Source Machine Learning Framework. The implementation of `AddManySparseToTensorsMap` is vulnerable to an integer overflow which results in a `CHECK`-fail when building new `TensorShape` objects (so, an assert failure based denial of service). We are missing some validation on the shapes of the input tensors as well as directly constructing a large `TensorShape` with user-provided dimensions. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
| references |
|
| fixed_packages |
|
| aliases |
BIT-tensorflow-2022-23568, CVE-2022-23568, GHSA-6445-fm66-fvq2, PYSEC-2022-132, PYSEC-2022-77
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vnn5-y8ez-rub9 |
|
| 47 |
| url |
VCID-vpyd-he5n-b3a4 |
| vulnerability_id |
VCID-vpyd-he5n-b3a4 |
| summary |
Tensorflow is an Open Source Machine Learning Framework. The implementation of `QuantizedMaxPool` has an undefined behavior where user controlled inputs can trigger a reference binding to null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
| references |
|
| fixed_packages |
|
| aliases |
BIT-tensorflow-2022-21739, CVE-2022-21739, GHSA-3mw4-6rj6-74g5, PYSEC-2022-118, PYSEC-2022-63
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vpyd-he5n-b3a4 |
|
| 48 |
| url |
VCID-vqxg-mnz4-13cg |
| vulnerability_id |
VCID-vqxg-mnz4-13cg |
| summary |
Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, TensorFlow might do a null-dereference if attributes of some mutable arguments to some operations are missing from the proto. This is guarded by a `DCHECK`. However, `DCHECK` is a no-op in production builds and an assertion failure in debug builds. In the first case execution proceeds to the dereferencing of the null pointer, whereas in the second case it results in a crash due to the assertion failure. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range. |
| references |
|
| fixed_packages |
|
| aliases |
BIT-tensorflow-2022-23570, CVE-2022-23570, GHSA-9p77-mmrw-69c7, PYSEC-2022-134, PYSEC-2022-79
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vqxg-mnz4-13cg |
|
| 49 |
| url |
VCID-x2t2-4sa6-qygs |
| vulnerability_id |
VCID-x2t2-4sa6-qygs |
| summary |
Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause a write outside of bounds of an array in TFLite. In fact, the attacker can override the linked list used by the memory allocator. This can be leveraged for an arbitrary write primitive under certain conditions. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
| references |
|
| fixed_packages |
|
| aliases |
BIT-tensorflow-2022-23561, CVE-2022-23561, GHSA-9c78-vcq7-7vxq, PYSEC-2022-125, PYSEC-2022-70
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-x2t2-4sa6-qygs |
|
| 50 |
| url |
VCID-x5x3-2cyz-xbhe |
| vulnerability_id |
VCID-x5x3-2cyz-xbhe |
| summary |
Tensorflow is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the implementation of `ImmutableExecutorState::Initialize`. Here, we set `item->kernel` to `nullptr` but it is a simple `OpKernel*` pointer so the memory that was previously allocated to it would leak. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
| references |
|
| fixed_packages |
|
| aliases |
BIT-tensorflow-2022-23578, CVE-2022-23578, GHSA-8r7c-3cm2-3h8f, PYSEC-2022-142, PYSEC-2022-87
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-x5x3-2cyz-xbhe |
|
| 51 |
| url |
VCID-xn72-z6kg-q7bp |
| vulnerability_id |
VCID-xn72-z6kg-q7bp |
| summary |
Integer Overflow or Wraparound in TensorFlow
### Impact
The Grappler component of TensorFlow is vulnerable to a denial of service via `CHECK`-failure in constant folding for ;
// ...
}
```
The `output_prop` tensor has a shape that is controlled by user input and this can result in triggering one of the `CHECK`s in the `PartialTensorShape` constructor. This is an instance of TFSA-2021-198 .
### Patches
We have patched the issue in GitHub commit be7b286d40bc68cb0b56f702186cc4837d508058 fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.
### For more information
Please consult [our security guide] for more information regarding the security model and how to contact us with issues and questions. |
| references |
|
| fixed_packages |
|
| aliases |
GHSA-wcv5-vrvr-3rx2, GMS-2022-50, GMS-2022-53, GMS-2022-56
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xn72-z6kg-q7bp |
|
| 52 |
| url |
VCID-y8ed-ynrx-37af |
| vulnerability_id |
VCID-y8ed-ynrx-37af |
| summary |
Improper Validation of Integrity Check Value in TensorFlow
The implementation of `tf.sparse.split` does not fully validate the input arguments. |
| references |
|
| fixed_packages |
|
| aliases |
GHSA-43q8-3fv7-pr5x, GMS-2022-48, GMS-2022-51, GMS-2022-54
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-y8ed-ynrx-37af |
|
| 53 |
| url |
VCID-yvag-32h1-yfc5 |
| vulnerability_id |
VCID-yvag-32h1-yfc5 |
| summary |
Tensorflow is an Open Source Machine Learning Framework. The implementation of `SparseCountSparseOutput` is vulnerable to a heap overflow. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
| references |
|
| fixed_packages |
|
| aliases |
BIT-tensorflow-2022-21740, CVE-2022-21740, GHSA-44qp-9wwf-734r, PYSEC-2022-119, PYSEC-2022-64
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-yvag-32h1-yfc5 |
|
| 54 |
| url |
VCID-yvef-kyv2-qbea |
| vulnerability_id |
VCID-yvef-kyv2-qbea |
| summary |
NULL Pointer Dereference and Access of Uninitialized Pointer in TensorFlow
### Impact
The code for boosted trees in TensorFlow is still missing validation. This allows malicious users to read and write outside of bounds of heap allocated data as well as trigger denial of service (via dereferencing `nullptr`s or via `CHECK`-failures).
This follows after CVE-2021-41208 where these APIs were still vulnerable to multiple security issues.
**Note**: Given that the boosted trees implementation in TensorFlow is unmaintained, it is recommend to no longer use these APIs. Instead, please use the downstream [TensorFlow Decision Forests] project which is newer and supports more features.
These APIs are now deprecated in TensorFlow 2.8. We will remove TensorFlow's boosted trees APIs in subsequent releases.
### Patches
We have patched the known issues in multiple GitHub commits.
The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.
This should allow users to use existing boosted trees APIs for a while until they migrate to TensorFlow Decision Forests while guaranteeing that known vulnerabilities are fixed.
### For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
### Attribution
These vulnerabilities have been reported by Yu Tian of Qihoo 360 AIVul Team and Faysal Hossain Shezan from University of Virginia. Some of the issues have been discovered internally after a careful audit of the APIs. |
| references |
|
| fixed_packages |
|
| aliases |
GHSA-h6gw-r52c-724r, GMS-2022-49, GMS-2022-52, GMS-2022-55
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-yvef-kyv2-qbea |
|
|
|---|