Search for packages
| purl | pkg:pypi/tensorflow-cpu@2.7.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-11qd-d7c7-sbdm
Aliases: BIT-tensorflow-2022-21731 CVE-2022-21731 GHSA-m4hf-j54p-p353 PYSEC-2022-110 PYSEC-2022-55 |
Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `ConcatV2` can be used to trigger a denial of service attack via a segfault caused by a type confusion. The `axis` argument is translated into `concat_dim` in the `ConcatShapeHelper` helper function. Then, a value for `min_rank` is computed based on `concat_dim`. This is then used to validate that the `values` tensor has at least the required rank. However, `WithRankAtLeast` receives the lower bound as a 64-bits value and then compares it against the maximum 32-bits integer value that could be represented. Due to the fact that `min_rank` is a 32-bits value and the value of `axis`, the `rank` argument is a negative value, so the error check is bypassed. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 124 other vulnerabilities. |
|
VCID-145d-k5w3-tfgz
Aliases: BIT-tensorflow-2022-23567 CVE-2022-23567 GHSA-rrx2-r989-2c43 PYSEC-2022-131 PYSEC-2022-76 |
Tensorflow is an Open Source Machine Learning Framework. The implementations of `Sparse*Cwise*` ops are vulnerable to integer overflows. These can be used to trigger large allocations (so, OOM based denial of service) or `CHECK`-fails when building new `TensorShape` objects (so, assert failures based denial of service). We are missing some validation on the shapes of the input tensors as well as directly constructing a large `TensorShape` with user-provided dimensions. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 124 other vulnerabilities. |
|
VCID-15h4-876j-3bdz
Aliases: CVE-2022-35970 GHSA-g35r-369w-3fqp |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-15nt-6tff-k7gb
Aliases: BIT-tensorflow-2022-23587 CVE-2022-23587 GHSA-8jj7-5vxc-pg2q PYSEC-2022-151 PYSEC-2022-96 |
Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow is vulnerable to an integer overflow during cost estimation for crop and resize. Since the cropping parameters are user controlled, a malicious person can trigger undefined behavior. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 124 other vulnerabilities. |
|
VCID-1ah5-hm7a-ykep
Aliases: BIT-tensorflow-2022-21730 CVE-2022-21730 GHSA-vjg4-v33c-ggc4 PYSEC-2022-109 PYSEC-2022-54 |
Tensorflow is an Open Source Machine Learning Framework. The implementation of `FractionalAvgPoolGrad` does not consider cases where the input tensors are invalid allowing an attacker to read from outside of bounds of heap. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 124 other vulnerabilities. |
|
VCID-1hbp-9n5x-tyda
Aliases: CVE-2022-29211 GHSA-xrp2-fhq4-4q3w |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-1vxc-sbk4-77ef
Aliases: CVE-2022-41896 GHSA-rmg2-f698-wq35 |
Affected by 23 other vulnerabilities. Affected by 22 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
|
VCID-1w3g-z5ja-q7cr
Aliases: CVE-2022-35960 GHSA-v5xg-3q2c-c2r4 |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-21pb-qyv3-27cj
Aliases: CVE-2022-35999 GHSA-37jf-mjv6-xfqw |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-2311-hknw-2ubh
Aliases: CVE-2022-35974 GHSA-vgvh-2pf4-jr2x |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-2tx7-szke-f7d8
Aliases: CVE-2022-29197 GHSA-hrg5-737c-2p56 |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-2vyy-ktxf-y7hj
Aliases: CVE-2023-25666 GHSA-f637-vh3r-vfh2 |
Incorrect Comparison TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a floating point exception in AudioSpectrogram. A fix is included in TensorFlow version 2.12.0 and version 2.11.1. |
Affected by 1 other vulnerability. |
|
VCID-32uz-pmsu-dycn
Aliases: CVE-2022-35996 GHSA-q5jv-m6qw-5g37 |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-39ck-bm9t-kqhs
Aliases: BIT-tensorflow-2022-23557 CVE-2022-23557 GHSA-gf2j-f278-xh4v PYSEC-2022-121 PYSEC-2022-66 |
Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would trigger a division by zero in `BiasAndClamp` implementation. There is no check that the `bias_size` is non zero. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 124 other vulnerabilities. |
|
VCID-3czq-3twf-skcg
Aliases: BIT-tensorflow-2022-23573 CVE-2022-23573 GHSA-q85f-69q7-55h2 PYSEC-2022-137 PYSEC-2022-82 |
Tensorflow is an Open Source Machine Learning Framework. The implementation of `AssignOp` can result in copying uninitialized data to a new tensor. This later results in undefined behavior. The implementation has a check that the left hand side of the assignment is initialized (to minimize number of allocations), but does not check that the right hand side is also initialized. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 124 other vulnerabilities. |
|
VCID-3dun-j9ep-3ugk
Aliases: CVE-2022-36018 GHSA-m6cv-4fmf-66xf |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-3erq-zcrk-qqaf
Aliases: CVE-2022-41900 GHSA-xvwp-h6jv-7472 |
Affected by 23 other vulnerabilities. Affected by 22 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
|
VCID-3esk-gwz9-wfa4
Aliases: CVE-2022-41898 GHSA-hq7g-wwwp-q46h |
Affected by 23 other vulnerabilities. Affected by 22 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
|
VCID-3fd6-8rv4-8qh3
Aliases: CVE-2022-35997 GHSA-p7hr-f446-x6qf |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-3g5a-5csn-h3d9
Aliases: BIT-tensorflow-2022-23588 CVE-2022-23588 GHSA-fx5c-h9f6-rv7c PYSEC-2022-152 PYSEC-2022-97 |
Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that Grappler optimizer would attempt to build a tensor using a reference `dtype`. This would result in a crash due to a `CHECK`-fail in the `Tensor` constructor as reference types are not allowed. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 124 other vulnerabilities. |
|
VCID-3s87-vf5k-cycp
Aliases: CVE-2022-41895 GHSA-gq2j-cr96-gvqx |
Affected by 23 other vulnerabilities. Affected by 22 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
|
VCID-3yjn-h25c-v3gb
Aliases: CVE-2023-25667 GHSA-fqm2-gh8w-gr68 |
Integer Overflow or Wraparound TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, integer overflow occurs when `2^31 <= num_frames * height * width * channels < 2^32`, for example Full HD screencast of at least 346 frames. A fix is included in TensorFlow version 2.12.0 and version 2.11.1. |
Affected by 1 other vulnerability. |
|
VCID-3zd4-d2hc-87at
Aliases: CVE-2022-41890 GHSA-h246-cgh4-7475 |
Affected by 23 other vulnerabilities. Affected by 22 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
|
VCID-41ax-nrcf-yygf
Aliases: CVE-2022-29205 GHSA-54ch-gjq5-4976 |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-466y-e26r-rka4
Aliases: BIT-tensorflow-2022-23595 CVE-2022-23595 GHSA-fpcp-9h7m-ffpx PYSEC-2022-103 PYSEC-2022-158 |
Tensorflow is an Open Source Machine Learning Framework. When building an XLA compilation cache, if default settings are used, TensorFlow triggers a null pointer dereference. In the default scenario, all devices are allowed, so `flr->config_proto` is `nullptr`. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 124 other vulnerabilities. |
|
VCID-4fcy-hbcs-cuan
Aliases: CVE-2022-29198 GHSA-mg66-qvc5-rm93 |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-4mky-qp2e-vbhg
Aliases: CVE-2022-36001 GHSA-jqm7-m5q7-3hm5 |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-4sj6-vagv-2qe4
Aliases: CVE-2022-35969 GHSA-q2c3-jpmc-gfjx |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-4tyf-xfhm-d3cm
Aliases: CVE-2022-35963 GHSA-84jm-4cf3-9jfm |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-4xpd-4a11-k3b7
Aliases: CVE-2022-35985 GHSA-9942-r22v-78cp |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-5f52-bwtt-m3hn
Aliases: CVE-2022-41889 GHSA-xxcj-rhqg-m46g |
Affected by 23 other vulnerabilities. Affected by 22 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
|
VCID-5m3b-x2b2-nfer
Aliases: CVE-2022-41886 GHSA-54pp-c6pp-7fpx |
Affected by 23 other vulnerabilities. Affected by 22 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
|
VCID-5qwh-rm2h-ekc7
Aliases: CVE-2022-41901 GHSA-g9fm-r5mm-rf9f |
Affected by 23 other vulnerabilities. Affected by 22 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
|
VCID-5tpp-sf62-zycs
Aliases: BIT-tensorflow-2022-23563 CVE-2022-23563 GHSA-wc4g-r73w-x8mm PYSEC-2022-127 PYSEC-2022-72 |
Tensorflow is an Open Source Machine Learning Framework. In multiple places, TensorFlow uses `tempfile.mktemp` to create temporary files. While this is acceptable in testing, in utilities and libraries it is dangerous as a different process can create the file between the check for the filename in `mktemp` and the actual creation of the file by a subsequent operation (a TOC/TOU type of weakness). In several instances, TensorFlow was supposed to actually create a temporary directory instead of a file. This logic bug is hidden away by the `mktemp` function usage. We have patched the issue in several commits, replacing `mktemp` with the safer `mkstemp`/`mkdtemp` functions, according to the usage pattern. Users are advised to upgrade as soon as possible. |
Affected by 124 other vulnerabilities. |
|
VCID-62er-23uz-6qgu
Aliases: CVE-2022-29192 GHSA-h2wq-prv9-2f56 |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-62y1-pd1b-vqhr
Aliases: CVE-2022-36017 GHSA-wqmc-pm8c-2jhc |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-6888-uhtp-8ub6
Aliases: BIT-tensorflow-2022-21737 CVE-2022-21737 GHSA-f2vv-v9cg-qhh7 PYSEC-2022-116 PYSEC-2022-61 |
Tensorflow is an Open Source Machine Learning Framework. The implementation of `*Bincount` operations allows malicious users to cause denial of service by passing in arguments which would trigger a `CHECK`-fail. There are several conditions that the input arguments must satisfy. Some are not caught during shape inference and others are not caught during kernel implementation. This results in `CHECK` failures later when the output tensors get allocated. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 124 other vulnerabilities. |
|
VCID-6apy-b5ev-hkcj
Aliases: CVE-2022-41893 GHSA-67pf-62xr-q35m |
Affected by 23 other vulnerabilities. Affected by 22 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
|
VCID-6cr3-ywr5-f7e6
Aliases: CVE-2023-25668 GHSA-gw97-ff7c-9v96 |
Heap-based Buffer Overflow TensorFlow is an open source platform for machine learning. Attackers using Tensorflow prior to 2.12.0 or 2.11.1 can access heap memory which is not in the control of user, leading to a crash or remote code execution. The fix will be included in TensorFlow version 2.12.0 and will also cherrypick this commit on TensorFlow version 2.11.1. |
Affected by 1 other vulnerability. |
|
VCID-6gnj-az99-h7b4
Aliases: BIT-tensorflow-2022-21735 CVE-2022-21735 GHSA-87v6-crgm-2gfj PYSEC-2022-114 PYSEC-2022-59 |
Tensorflow is an Open Source Machine Learning Framework. The implementation of `FractionalMaxPool` can be made to crash a TensorFlow process via a division by 0. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 124 other vulnerabilities. |
|
VCID-6nyr-2edx-5qg6
Aliases: CVE-2023-33976 GHSA-gjh7-xx4r-x345 |
Affected by 0 other vulnerabilities. |
|
|
VCID-77cw-2wuq-nued
Aliases: CVE-2022-41887 GHSA-8fvv-46hw-vpg3 |
Affected by 22 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
|
VCID-7cu6-jt1f-q7hq
Aliases: CVE-2022-36011 GHSA-fv43-93gv-vm8f |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-7guk-jpt3-eka8
Aliases: CVE-2022-41899 GHSA-27rc-728f-x5w2 |
Affected by 23 other vulnerabilities. Affected by 22 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
|
VCID-7nkk-5pdm-uyck
Aliases: CVE-2022-35982 GHSA-397c-5g2j-qxpv |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-7uu3-mfan-4ue5
Aliases: CVE-2022-23594 GHSA-9x52-887g-fhc2 |
Out-of-bounds Read Tensorflow is an Open Source Machine Learning Framework. The TFG dialect of TensorFlow (MLIR) makes several assumptions about the incoming `GraphDef` before converting it to the MLIR-based dialect. If an attacker changes the `SavedModel` format on disk to invalidate these assumptions and the `GraphDef` is then converted to MLIR-based IR then they can cause a crash in the Python interpreter. Under certain scenarios, heap OOB read/writes are possible. These issues have been discovered via fuzzing and it is possible that more weaknesses exist. We will patch them as they are discovered. |
Affected by 124 other vulnerabilities. |
|
VCID-83pe-ztey-dbf4
Aliases: BIT-tensorflow-2022-23569 CVE-2022-23569 GHSA-qj5r-f9mv-rffh PYSEC-2022-133 PYSEC-2022-78 |
Tensorflow is an Open Source Machine Learning Framework. Multiple operations in TensorFlow can be used to trigger a denial of service via `CHECK`-fails (i.e., assertion failures). This is similar to TFSA-2021-198 and has similar fixes. We have patched the reported issues in multiple GitHub commits. It is possible that other similar instances exist in TensorFlow, we will issue fixes as these are discovered. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 124 other vulnerabilities. |
|
VCID-83t5-dg3c-5qa2
Aliases: CVE-2022-35967 GHSA-v6h3-348g-6h5x |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-8dhx-4a17-rbcj
Aliases: CVE-2023-25670 GHSA-49rq-hwc3-x77w |
NULL Pointer Dereference TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a null point error in QuantizedMatMulWithBiasAndDequantize with MKL enabled. A fix is included in TensorFlow version 2.12.0 and version 2.11.1. |
Affected by 1 other vulnerability. |
|
VCID-8dwk-hykt-93a5
Aliases: CVE-2022-36012 GHSA-jvhc-5hhr-w3v5 |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-8zqb-tqfq-7ud7
Aliases: CVE-2022-29199 GHSA-p9rc-rmr5-529j |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-9686-ufak-6ufd
Aliases: CVE-2023-25673 GHSA-647v-r7qq-24fh |
Incorrect Comparison TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a Floating Point Exception in TensorListSplit with XLA. A fix is included in TensorFlow version 2.12.0 and version 2.11.1. |
Affected by 1 other vulnerability. |
|
VCID-97cs-4kx3-37gm
Aliases: BIT-tensorflow-2022-21733 CVE-2022-21733 GHSA-98j8-c9q4-r38g PYSEC-2022-112 PYSEC-2022-57 |
Tensorflow is an Open Source Machine Learning Framework. The implementation of `StringNGrams` can be used to trigger a denial of service attack by causing an out of memory condition after an integer overflow. We are missing a validation on `pad_witdh` and that result in computing a negative value for `ngram_width` which is later used to allocate parts of the output. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 124 other vulnerabilities. |
|
VCID-9arh-a8wj-wka6
Aliases: BIT-tensorflow-2022-21734 CVE-2022-21734 GHSA-gcvh-66ff-4mwm PYSEC-2022-113 PYSEC-2022-58 |
Tensorflow is an Open Source Machine Learning Framework. The implementation of `MapStage` is vulnerable a `CHECK`-fail if the key tensor is not a scalar. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 124 other vulnerabilities. |
|
VCID-9hzh-a72m-nya3
Aliases: CVE-2022-35984 GHSA-p2xf-8hgm-hpw5 |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-ah8y-bmdk-5khm
Aliases: CVE-2022-35995 GHSA-g9h5-vr8m-x2h4 |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-akmu-fas1-33h6
Aliases: BIT-tensorflow-2022-21741 CVE-2022-21741 GHSA-428x-9xc2-m8mj PYSEC-2022-120 PYSEC-2022-65 |
Tensorflow is an Open Source Machine Learning Framework. ### Impact An attacker can craft a TFLite model that would trigger a division by zero in the implementation of depthwise convolutions. The parameters of the convolution can be user controlled and are also used within a division operation to determine the size of the padding that needs to be added before applying the convolution. There is no check before this division that the divisor is strictly positive. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 124 other vulnerabilities. |
|
VCID-axj7-aq9m-rqdu
Aliases: BIT-tensorflow-2022-23571 CVE-2022-23571 GHSA-j3mj-fhpq-qqjj PYSEC-2022-135 PYSEC-2022-80 |
Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, a TensorFlow process can encounter cases where a `CHECK` assertion is invalidated based on user controlled arguments, if the tensors have an invalid `dtype` and 0 elements or an invalid shape. This allows attackers to cause denial of services in TensorFlow processes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 124 other vulnerabilities. |
|
VCID-ayew-3cca-tyhz
Aliases: CVE-2023-25676 GHSA-6wfh-89q8-44jq |
NULL Pointer Dereference TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, `tf.raw_ops.ParallelConcat` segfaults with a nullptr dereference when given a parameter `shape` with rank that is not greater than zero. A fix is available in TensorFlow 2.12.0 and 2.11.1. |
Affected by 1 other vulnerability. |
|
VCID-b4hf-5gqs-yfbw
Aliases: CVE-2022-29206 GHSA-rc9w-5c64-9vqq |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-b9p4-ta3s-wbeu
Aliases: CVE-2022-36013 GHSA-828c-5j5q-vrjq |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-bby1-jzms-6fgm
Aliases: CVE-2022-41908 GHSA-mv77-9g28-cwg3 |
Affected by 23 other vulnerabilities. Affected by 22 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
|
VCID-bjrr-3t28-rqgp
Aliases: CVE-2022-35983 GHSA-m6vp-8q9j-whx4 |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-bn6z-c98v-n7bf
Aliases: CVE-2022-29203 GHSA-jjm6-4vf7-cjh4 |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-ccv1-pgda-r7ba
Aliases: BIT-tensorflow-2022-23566 CVE-2022-23566 GHSA-5qw5-89mw-wcg2 PYSEC-2022-130 PYSEC-2022-75 |
Tensorflow is an Open Source Machine Learning Framework. TensorFlow is vulnerable to a heap OOB write in `Grappler`. The `set_output` function writes to an array at the specified index. Hence, this gives a malicious user a write primitive. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 124 other vulnerabilities. |
|
VCID-cwvm-wntu-tfck
Aliases: BIT-tensorflow-2022-23579 CVE-2022-23579 GHSA-5f2r-qp73-37mr PYSEC-2022-143 PYSEC-2022-88 |
Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a `SavedModel` such that `SafeToRemoveIdentity` would trigger `CHECK` failures. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 124 other vulnerabilities. |
|
VCID-d1hw-1fdb-kfhq
Aliases: CVE-2022-29209 GHSA-f4rr-5m7v-wxcw |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-d3dc-su6w-s3ag
Aliases: BIT-tensorflow-2022-21726 CVE-2022-21726 GHSA-23hm-7w47-xw72 PYSEC-2022-105 PYSEC-2022-50 |
Tensorflow is an Open Source Machine Learning Framework. The implementation of `Dequantize` does not fully validate the value of `axis` and can result in heap OOB accesses. The `axis` argument can be `-1` (the default value for the optional argument) or any other positive value at most the number of dimensions of the input. Unfortunately, the upper bound is not checked and this results in reading past the end of the array containing the dimensions of the input tensor. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 124 other vulnerabilities. |
|
VCID-d6hn-ppha-buc1
Aliases: CVE-2023-25669 GHSA-rcf8-g8jv-vg6p |
Incorrect Comparison TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the stride and window size are not positive for `tf.raw_ops.AvgPoolGrad`, it can give a floating point exception. A fix is included in TensorFlow version 2.12.0 and version 2.11.1. |
Affected by 1 other vulnerability. |
|
VCID-dbu5-btf9-2bee
Aliases: CVE-2023-25660 GHSA-qjqc-vqcf-5qvj |
NULL Pointer Dereference TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when the parameter `summarize` of `tf.raw_ops.Print` is zero, the new method `SummarizeArray<bool>` will reference to a nullptr, leading to a seg fault. A fix is included in TensorFlow version 2.12 and version 2.11.1. |
Affected by 1 other vulnerability. |
|
VCID-degg-b7w4-jyg7
Aliases: CVE-2022-35991 GHSA-vm7x-4qhj-rrcq |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-dgbb-1rft-7kdr
Aliases: CVE-2023-25662 GHSA-7jvm-xxmr-v5cw |
Integer Overflow or Wraparound TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 is vulnerable to integer overflow in EditDistance. A fix is included in TensorFlow version 2.12.0 and version 2.11.1. |
Affected by 1 other vulnerability. |
|
VCID-djkj-bbaq-6kdr
Aliases: CVE-2023-25674 GHSA-gf97-q72m-7579 |
NULL Pointer Dereference TensorFlow is an open source machine learning platform. Versions prior to 2.12.0 and 2.11.1 have a null pointer error in RandomShuffle with XLA enabled. A fix is included in TensorFlow 2.12.0 and 2.11.1. |
Affected by 1 other vulnerability. |
|
VCID-djxs-vpxa-5bav
Aliases: CVE-2022-36005 GHSA-r26c-679w-mrjm |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-dk2p-s22p-hbd8
Aliases: CVE-2022-41891 GHSA-66vq-54fq-6jvv |
Affected by 23 other vulnerabilities. Affected by 22 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
|
VCID-dx1v-hfa1-xfg6
Aliases: CVE-2023-25665 GHSA-558h-mq8x-7q9g |
NULL Pointer Dereference TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when `SparseSparseMaximum` is given invalid sparse tensors as inputs, it can give a null pointer error. A fix is included in TensorFlow version 2.12 and version 2.11.1. |
Affected by 1 other vulnerability. |
|
VCID-e7nb-5swt-r3c9
Aliases: CVE-2022-36000 GHSA-fqxc-pvf8-2w9v |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-ebu7-ts8t-43br
Aliases: CVE-2022-35994 GHSA-fhfc-2q7x-929f |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-egc6-6pwr-fyej
Aliases: BIT-tensorflow-2022-23577 CVE-2022-23577 GHSA-8cxv-76p7-jxwr PYSEC-2022-141 PYSEC-2022-86 |
Tensorflow is an Open Source Machine Learning Framework. The implementation of `GetInitOp` is vulnerable to a crash caused by dereferencing a null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 124 other vulnerabilities. |
|
VCID-en5f-xtha-cyhp
Aliases: BIT-tensorflow-2022-23586 CVE-2022-23586 GHSA-43jf-985q-588j PYSEC-2022-150 PYSEC-2022-95 |
Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that assertions in `function.cc` would be falsified and crash the Python interpreter. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 124 other vulnerabilities. |
|
VCID-etu4-tnze-h3ag
Aliases: CVE-2022-35935 GHSA-97p7-w86h-vcf9 |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-ev23-kazv-nkas
Aliases: BIT-tensorflow-2022-23575 CVE-2022-23575 GHSA-c94w-c95p-phf8 PYSEC-2022-139 PYSEC-2022-84 |
Tensorflow is an Open Source Machine Learning Framework. The implementation of `OpLevelCostEstimator::CalculateTensorSize` is vulnerable to an integer overflow if an attacker can create an operation which would involve a tensor with large enough number of elements. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 124 other vulnerabilities. |
|
VCID-ev84-gxjn-6bf1
Aliases: BIT-tensorflow-2022-21727 CVE-2022-21727 GHSA-c6fh-56w7-fvjw PYSEC-2022-106 PYSEC-2022-51 |
Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulnerable to an integer overflow weakness. The `axis` argument can be `-1` (the default value for the optional argument) or any other positive value at most the number of dimensions of the input. Unfortunately, the upper bound is not checked, and, since the code computes `axis + 1`, an attacker can trigger an integer overflow. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 124 other vulnerabilities. |
|
VCID-exym-4mq2-rkbj
Aliases: CVE-2022-29204 GHSA-hx9q-2mx4-m4pg |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-eyqx-7k24-zfhq
Aliases: BIT-tensorflow-2022-21738 CVE-2022-21738 GHSA-x4qx-4fjv-hmw6 PYSEC-2022-117 PYSEC-2022-62 |
Tensorflow is an Open Source Machine Learning Framework. The implementation of `SparseCountSparseOutput` can be made to crash a TensorFlow process by an integer overflow whose result is then used in a memory allocation. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 124 other vulnerabilities. |
|
VCID-f25m-udat-n3fd
Aliases: BIT-tensorflow-2022-23562 CVE-2022-23562 GHSA-qx3f-p745-w4hr PYSEC-2022-126 PYSEC-2022-71 |
Tensorflow is an Open Source Machine Learning Framework. The implementation of `Range` suffers from integer overflows. These can trigger undefined behavior or, in some scenarios, extremely large allocations. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 124 other vulnerabilities. |
|
VCID-f3cx-k63z-7qde
Aliases: BIT-tensorflow-2022-23559 CVE-2022-23559 GHSA-98p5-x8x4-c9m5 PYSEC-2022-123 PYSEC-2022-68 |
Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both `embedding_size` and `lookup_size` are products of values provided by the user. Hence, a malicious user could trigger overflows in the multiplication. In certain scenarios, this can then result in heap OOB read/write. Users are advised to upgrade to a patched version. |
Affected by 124 other vulnerabilities. |
|
VCID-f58d-1zga-jkf2
Aliases: CVE-2023-25663 GHSA-64jg-wjww-7c5w |
NULL Pointer Dereference TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when `ctx->step_containter()` is a null ptr, the Lookup function will be executed with a null pointer. A fix is included in TensorFlow 2.12.0 and 2.11.1. |
Affected by 1 other vulnerability. |
|
VCID-f8ut-vanr-1qbz
Aliases: CVE-2022-35965 GHSA-qxpx-j395-pw36 |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-ffkg-sa3q-8qfq
Aliases: BIT-tensorflow-2022-23592 CVE-2022-23592 GHSA-vq36-27g6-p492 PYSEC-2022-101 PYSEC-2022-156 |
Tensorflow is an Open Source Machine Learning Framework. TensorFlow's type inference can cause a heap out of bounds read as the bounds checking is done in a `DCHECK` (which is a no-op during production). An attacker can control the `input_idx` variable such that `ix` would be larger than the number of values in `node_t.args`. The fix will be included in TensorFlow 2.8.0. This is the only affected version. |
Affected by 124 other vulnerabilities. |
|
VCID-fggx-3rzd-8kf5
Aliases: BIT-tensorflow-2022-23585 CVE-2022-23585 GHSA-fq6p-6334-8gr4 PYSEC-2022-149 PYSEC-2022-94 |
Tensorflow is an Open Source Machine Learning Framework. When decoding PNG images TensorFlow can produce a memory leak if the image is invalid. After calling `png::CommonInitDecode(..., &decode)`, the `decode` value contains allocated buffers which can only be freed by calling `png::CommonFreeDecode(&decode)`. However, several error case in the function implementation invoke the `OP_REQUIRES` macro which immediately terminates the execution of the function, without allowing for the memory free to occur. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 124 other vulnerabilities. |
|
VCID-fr8d-65tt-a7bw
Aliases: CVE-2022-35939 GHSA-ffjm-4qwc-7cmf |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-g5zp-g143-a3hk
Aliases: CVE-2022-29202 GHSA-cwpm-f78v-7m5c |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-g7ud-1f9c-u7bn
Aliases: CVE-2022-29212 GHSA-8wwm-6264-x792 |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-g8er-52ns-j7b1
Aliases: BIT-tensorflow-2022-21728 CVE-2022-21728 GHSA-6gmv-pjp9-p8w8 PYSEC-2022-107 PYSEC-2022-52 |
Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `ReverseSequence` does not fully validate the value of `batch_dim` and can result in a heap OOB read. There is a check to make sure the value of `batch_dim` does not go over the rank of the input, but there is no check for negative values. Negative dimensions are allowed in some cases to mimic Python's negative indexing (i.e., indexing from the end of the array), however if the value is too negative then the implementation of `Dim` would access elements before the start of an array. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 124 other vulnerabilities. |
|
VCID-g8ts-ghhv-33e3
Aliases: BIT-tensorflow-2022-23580 CVE-2022-23580 GHSA-627q-g293-49q7 PYSEC-2022-144 PYSEC-2022-89 |
Tensorflow is an Open Source Machine Learning Framework. During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 124 other vulnerabilities. |
|
VCID-gecu-uvpb-6yak
Aliases: CVE-2023-25661 GHSA-fxgc-95xx-grvq |
TensorFlow Denial of Service vulnerability ### Impact A malicious invalid input crashes a tensorflow model (Check Failed) and can be used to trigger a denial of service attack. To minimize the bug, we built a simple single-layer TensorFlow model containing a Convolution3DTranspose layer, which works well with expected inputs and can be deployed in real-world systems. However, if we call the model with a malicious input which has a zero dimension, it gives Check Failed failure and crashes. ```python import tensorflow as tf class MyModel(tf.keras.Model): def __init__(self): super().__init__() self.conv = tf.keras.layers.Convolution3DTranspose(2, [3,3,3], padding="same") def call(self, input): return self.conv(input) model = MyModel() # Defines a valid model. x = tf.random.uniform([1, 32, 32, 32, 3], minval=0, maxval=0, dtype=tf.float32) # This is a valid input. output = model.predict(x) print(output.shape) # (1, 32, 32, 32, 2) x = tf.random.uniform([1, 32, 32, 0, 3], dtype=tf.float32) # This is an invalid input. output = model(x) # crash ``` This Convolution3DTranspose layer is a very common API in modern neural networks. The ML models containing such vulnerable components could be deployed in ML applications or as cloud services. This failure could be potentially used to trigger a denial of service attack on ML cloud services. ### Patches We have patched the issue in - GitHub commit [948fe6369a5711d4b4568ea9bbf6015c6dfb77e2](https://github.com/tensorflow/tensorflow/commit/948fe6369a5711d4b4568ea9bbf6015c6dfb77e2) - GitHub commit [85db5d07db54b853484bfd358c3894d948c36baf](https://github.com/keras-team/keras/commit/85db5d07db54b853484bfd358c3894d948c36baf). The fix will be included in TensorFlow 2.12.0. We will also cherrypick this commit on TensorFlow 2.11.1 ### For more information Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions. |
Affected by 1 other vulnerability. |
|
VCID-gg98-zkw8-5ben
Aliases: BIT-tensorflow-2022-21725 CVE-2022-21725 GHSA-v3f7-j968-4h5f PYSEC-2022-104 PYSEC-2022-49 |
Tensorflow is an Open Source Machine Learning Framework. The estimator for the cost of some convolution operations can be made to execute a division by 0. The function fails to check that the stride argument is strictly positive. Hence, the fix is to add a check for the stride argument to ensure it is valid. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 124 other vulnerabilities. |
|
VCID-gh9u-ufcn-6khx
Aliases: CVE-2022-29194 GHSA-h5g4-ppwx-48q2 |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-gnns-f4aa-wuas
Aliases: CVE-2022-35972 GHSA-4pc4-m9mj-v2r9 |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-gpta-cf34-vkfe
Aliases: CVE-2023-25659 GHSA-93vr-9q9m-pj8p |
Out-of-bounds Read TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the parameter `indices` for `DynamicStitch` does not match the shape of the parameter `data`, it can trigger an stack OOB read. A fix is included in TensorFlow version 2.12.0 and version 2.11.1. |
Affected by 1 other vulnerability. |
|
VCID-gqh9-w7d2-r7ap
Aliases: CVE-2022-35952 GHSA-h5vq-gw2c-pq47 |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-hdth-hp7r-ebfs
Aliases: CVE-2022-35987 GHSA-w62h-8xjm-fv49 |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-hdyy-j28t-wyc1
Aliases: CVE-2023-25664 GHSA-6hg6-5c2q-7rcr |
Heap-based Buffer Overflow TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a heap buffer overflow in TAvgPoolGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1. |
Affected by 1 other vulnerability. |
|
VCID-hjd9-vujt-g7d2
Aliases: CVE-2022-36004 GHSA-mv8m-8x97-937q |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-hujj-6vv2-u3c2
Aliases: BIT-tensorflow-2022-23583 CVE-2022-23583 GHSA-gjqc-q9g6-q2j3 PYSEC-2022-147 PYSEC-2022-92 |
Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that any binary op would trigger `CHECK` failures. This occurs when the protobuf part corresponding to the tensor arguments is modified such that the `dtype` no longer matches the `dtype` expected by the op. In that case, calling the templated binary operator for the binary op would receive corrupted data, due to the type confusion involved. If `Tin` and `Tout` don't match the type of data in `out` and `input_*` tensors then `flat<*>` would interpret it wrongly. In most cases, this would be a silent failure, but we have noticed scenarios where this results in a `CHECK` crash, hence a denial of service. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 124 other vulnerabilities. |
|
VCID-jdud-ufqp-4yg5
Aliases: BIT-tensorflow-2022-23591 CVE-2022-23591 GHSA-247x-2f9f-5wp7 PYSEC-2022-100 PYSEC-2022-155 |
Tensorflow is an Open Source Machine Learning Framework. The `GraphDef` format in TensorFlow does not allow self recursive functions. The runtime assumes that this invariant is satisfied. However, a `GraphDef` containing a fragment such as the following can be consumed when loading a `SavedModel`. This would result in a stack overflow during execution as resolving each `NodeDef` means resolving the function itself and its nodes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 124 other vulnerabilities. |
|
VCID-jg5r-hv3s-kuh3
Aliases: CVE-2022-29208 GHSA-2r2f-g8mw-9gvr |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-jmr2-tp5q-6qau
Aliases: CVE-2022-35973 GHSA-689c-r7h2-fv9v |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-k3rw-xwzv-1uer
Aliases: CVE-2022-29216 GHSA-75c9-jrh4-79mc |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-kdhk-ygud-9bft
Aliases: CVE-2022-35979 GHSA-v7vw-577f-vp8x |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-kjwx-6qbk-37ak
Aliases: CVE-2022-35981 GHSA-vxv8-r8q2-63xw |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-ky4u-eny7-33fy
Aliases: BIT-tensorflow-2022-21729 CVE-2022-21729 GHSA-34f9-hjfq-rr8j PYSEC-2022-108 PYSEC-2022-53 |
Tensorflow is an Open Source Machine Learning Framework. The implementation of `UnravelIndex` is vulnerable to a division by zero caused by an integer overflow bug. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 124 other vulnerabilities. |
|
VCID-m4j4-decm-tkb6
Aliases: CVE-2022-36019 GHSA-9j4v-pp28-mxv7 |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-m4na-tgrp-d7fk
Aliases: BIT-tensorflow-2022-23576 CVE-2022-23576 GHSA-wm93-f238-7v37 PYSEC-2022-140 PYSEC-2022-85 |
Tensorflow is an Open Source Machine Learning Framework. The implementation of `OpLevelCostEstimator::CalculateOutputSize` is vulnerable to an integer overflow if an attacker can create an operation which would involve tensors with large enough number of elements. We can have a large enough number of dimensions in `output_shape.dim()` or just a small number of dimensions being large enough to cause an overflow in the multiplication. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 124 other vulnerabilities. |
|
VCID-mrjt-fjbf-gyeh
Aliases: CVE-2022-35990 GHSA-h7ff-cfc9-wmmh |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-mtqg-yga8-eqeu
Aliases: BIT-tensorflow-2022-23581 CVE-2022-23581 GHSA-fq86-3f29-px2c PYSEC-2022-145 PYSEC-2022-90 |
Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a `SavedModel` such that `IsSimplifiableReshape` would trigger `CHECK` failures. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 124 other vulnerabilities. |
|
VCID-mzvs-ne4v-4qh7
Aliases: CVE-2022-29213 GHSA-5889-7v45-q28m |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-n62z-1akp-ebck
Aliases: BIT-tensorflow-2022-23584 CVE-2022-23584 GHSA-24x4-6qmh-88qg PYSEC-2022-148 PYSEC-2022-93 |
Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a use after free behavior when decoding PNG images. After `png::CommonFreeDecode(&decode)` gets called, the values of `decode.width` and `decode.height` are in an unspecified state. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 124 other vulnerabilities. |
|
VCID-nekm-7jcz-a3au
Aliases: CVE-2022-36002 GHSA-mh3m-62v7-68xg |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-ngkq-s26c-qkfj
Aliases: BIT-tensorflow-2022-23589 CVE-2022-23589 GHSA-9px9-73fg-3fqp PYSEC-2022-153 PYSEC-2022-98 |
Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow can trigger a null pointer dereference. There are 2 places where this can occur, for the same malicious alteration of a `SavedModel` file (fixing the first one would trigger the same dereference in the second place). First, during constant folding, the `GraphDef` might not have the required nodes for the binary operation. If a node is missing, the correposning `mul_*child` would be null, and the dereference in the subsequent line would be incorrect. We have a similar issue during `IsIdentityConsumingSwitch`. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 124 other vulnerabilities. |
|
VCID-nwcb-zuc2-hudk
Aliases: CVE-2022-35968 GHSA-2475-53vw-vp25 |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-nymb-futt-vqgf
Aliases: CVE-2022-35941 GHSA-mgmh-g2v6-mqw5 |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. Affected by 42 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-pe9p-a7nn-8bhj
Aliases: BIT-tensorflow-2022-23582 CVE-2022-23582 GHSA-4j82-5ccr-4r8v PYSEC-2022-146 PYSEC-2022-91 |
Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that `TensorByteSize` would trigger `CHECK` failures. `TensorShape` constructor throws a `CHECK`-fail if shape is partial or has a number of elements that would overflow the size of an `int`. The `PartialTensorShape` constructor instead does not cause a `CHECK`-abort if the shape is partial, which is exactly what this function needs to be able to return `-1`. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 124 other vulnerabilities. |
|
VCID-q2n9-eckv-jubc
Aliases: CVE-2022-35964 GHSA-f7r5-q7cx-h668 |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-q4zv-syab-bbh8
Aliases: BIT-tensorflow-2022-23558 CVE-2022-23558 GHSA-9gwq-6cwj-47h3 PYSEC-2022-122 PYSEC-2022-67 |
Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in `TfLiteIntArrayCreate`. The `TfLiteIntArrayGetSizeInBytes` returns an `int` instead of a `size_t. An attacker can control model inputs such that `computed_size` overflows the size of `int` datatype. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 124 other vulnerabilities. |
|
VCID-qgr6-bqrc-puhs
Aliases: BIT-tensorflow-2022-23560 CVE-2022-23560 GHSA-4hvf-hxvg-f67v PYSEC-2022-124 PYSEC-2022-69 |
Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would allow limited reads and writes outside of arrays in TFLite. This exploits missing validation in the conversion from sparse tensors to dense tensors. The fix is included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. Users are advised to upgrade as soon as possible. |
Affected by 124 other vulnerabilities. |
|
VCID-qxqd-f1bw-y7h4
Aliases: BIT-tensorflow-2022-21732 CVE-2022-21732 GHSA-c582-c96p-r5cq PYSEC-2022-111 PYSEC-2022-56 |
Tensorflow is an Open Source Machine Learning Framework. The implementation of `ThreadPoolHandle` can be used to trigger a denial of service attack by allocating too much memory. This is because the `num_threads` argument is only checked to not be negative, but there is no upper bound on its value. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 124 other vulnerabilities. |
|
VCID-r6tc-xmds-nyhv
Aliases: CVE-2023-25671 GHSA-j5w9-hmfh-4cr6 |
Out-of-bounds Write TensorFlow is an open source platform for machine learning. There is out-of-bounds access due to mismatched integer type sizes. A fix is included in TensorFlow version 2.12.0 and version 2.11.1. |
Affected by 1 other vulnerability. |
|
VCID-re7v-rdvx-9bav
Aliases: CVE-2022-36016 GHSA-g468-qj8g-vcjc |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-rgug-8jmj-e7hw
Aliases: CVE-2022-29200 GHSA-2vv3-56qg-g2cf |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-rsau-jvcr-uudd
Aliases: BIT-tensorflow-2022-21736 CVE-2022-21736 GHSA-pfjj-m3jj-9jc9 PYSEC-2022-115 PYSEC-2022-60 |
Tensorflow is an Open Source Machine Learning Framework. The implementation of `SparseTensorSliceDataset` has an undefined behavior: under certain condition it can be made to dereference a `nullptr` value. The 3 input arguments to `SparseTensorSliceDataset` represent a sparse tensor. However, there are some preconditions that these arguments must satisfy but these are not validated in the implementation. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 124 other vulnerabilities. |
|
VCID-rsm8-1q5j-7yac
Aliases: CVE-2022-36026 GHSA-9cr2-8pwr-fhfq |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-rt4b-xxm6-xubs
Aliases: BIT-tensorflow-2022-23590 CVE-2022-23590 GHSA-pqrv-8r2f-7278 PYSEC-2022-154 PYSEC-2022-99 |
Tensorflow is an Open Source Machine Learning Framework. A `GraphDef` from a TensorFlow `SavedModel` can be maliciously altered to cause a TensorFlow process to crash due to encountering a `StatusOr` value that is an error and forcibly extracting the value from it. We have patched the issue in multiple GitHub commits and these will be included in TensorFlow 2.8.0 and TensorFlow 2.7.1, as both are affected. |
Affected by 124 other vulnerabilities. |
|
VCID-rzxq-vcmu-m7h5
Aliases: CVE-2022-41897 GHSA-f2w8-jw48-fr7j |
Affected by 23 other vulnerabilities. Affected by 22 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
|
VCID-s3fs-8v2b-zqem
Aliases: CVE-2022-29207 GHSA-5wpj-c6f7-24x8 |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-s8hv-3hsb-mfca
Aliases: CVE-2023-27579 GHSA-5w96-866f-6rm8 |
Incorrect Comparison TensorFlow is an end-to-end open source platform for machine learning. Constructing a tflite model with a paramater `filter_input_channel` of less than 1 gives a FPE. This issue has been patched in version 2.12. TensorFlow will also cherrypick the fix commit on TensorFlow 2.11.1. |
Affected by 1 other vulnerability. |
|
VCID-sb8m-6jmx-bkh4
Aliases: CVE-2022-35940 GHSA-x989-q2pq-4q5x |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-sbpr-dnvt-x7eu
Aliases: CVE-2022-29201 GHSA-pqhm-4wvf-2jg8 |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-ss5q-9rxf-pygf
Aliases: CVE-2022-35992 GHSA-9v8w-xmr4-wgxp |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-svbx-mnnb-eqbg
Aliases: CVE-2022-41880 GHSA-8w5g-3wcv-9g2j |
Affected by 23 other vulnerabilities. Affected by 22 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
|
VCID-sxk5-athp-f7f1
Aliases: CVE-2023-25672 GHSA-94mm-g2mv-8p7r |
NULL Pointer Dereference TensorFlow is an open source platform for machine learning. The function `tf.raw_ops.LookupTableImportV2` cannot handle scalars in the `values` parameter and gives an NPE. A fix is included in TensorFlow version 2.12.0 and version 2.11.1. |
Affected by 1 other vulnerability. |
|
VCID-tru4-6hk6-yydu
Aliases: GHSA-mw6j-hh29-h379 |
`CHECK` failure in depthwise ops via overflows |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
VCID-u133-f98p-zqec
Aliases: CVE-2023-25675 GHSA-7x4v-9gxg-9hwj |
Incorrect Comparison TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, `tf.raw_ops.Bincount` segfaults when given a parameter `weights` that is neither the same shape as parameter `arr` nor a length-0 tensor. A fix is included in TensorFlow 2.12.0 and 2.11.1. |
Affected by 1 other vulnerability. |
|
VCID-ugta-nt2s-27fk
Aliases: BIT-tensorflow-2022-23572 CVE-2022-23572 GHSA-rww7-2gpw-fv6j PYSEC-2022-136 PYSEC-2022-81 |
Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a type during shape inference. This case is covered by the `DCHECK` function however, `DCHECK` is a no-op in production builds and an assertion failure in debug builds. In the first case execution proceeds to the `ValueOrDie` line. This results in an assertion failure as `ret` contains an error `Status`, not a value. In the second case we also get a crash due to the assertion failure. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range. |
Affected by 124 other vulnerabilities. |
|
VCID-uh53-ed93-cfhj
Aliases: CVE-2022-36003 GHSA-cv2p-32v3-vhwq |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-unq7-3j4j-q3ew
Aliases: CVE-2022-35959 GHSA-wxjj-cgcx-r3vq |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-uwq2-a5hb-9fhd
Aliases: CVE-2023-25658 GHSA-68v3-g9cm-rmm6 |
Out-of-bounds Read TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, an out-of-bounds read is in GRUBlockCellGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1. |
Affected by 1 other vulnerability. |
|
VCID-ux3x-2756-n3av
Aliases: CVE-2022-41885 GHSA-762h-vpvw-3rcx |
Affected by 44 other vulnerabilities. Affected by 42 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-uxg4-9qfy-tbg6
Aliases: CVE-2023-25801 GHSA-f49c-87jh-g47q |
Double Free TensorFlow is an open source machine learning platform. Prior to versions 2.12.0 and 2.11.1, `nn_ops.fractional_avg_pool_v2` and `nn_ops.fractional_max_pool_v2` require the first and fourth elements of their parameter `pooling_ratio` to be equal to 1.0, as pooling on batch and channel dimensions is not supported. A fix is included in TensorFlow 2.12.0 and 2.11.1. |
Affected by 1 other vulnerability. |
|
VCID-uyv6-cmed-a7c3
Aliases: BIT-tensorflow-2022-23593 CVE-2022-23593 GHSA-gwcx-jrx4-92w2 PYSEC-2022-102 PYSEC-2022-157 |
Tensorflow is an Open Source Machine Learning Framework. The `simplifyBroadcast` function in the MLIR-TFRT infrastructure in TensorFlow is vulnerable to a segfault (hence, denial of service), if called with scalar shapes. If all shapes are scalar, then `maxRank` is 0, so we build an empty `SmallVector`. The fix will be included in TensorFlow 2.8.0. This is the only affected version. |
Affected by 124 other vulnerabilities. |
|
VCID-v2nf-1526-nkbp
Aliases: BIT-tensorflow-2022-23565 CVE-2022-23565 GHSA-4v5p-v5h9-6xjx PYSEC-2022-129 PYSEC-2022-74 |
Tensorflow is an Open Source Machine Learning Framework. An attacker can trigger denial of service via assertion failure by altering a `SavedModel` on disk such that `AttrDef`s of some operation are duplicated. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 124 other vulnerabilities. |
|
VCID-v6cz-tyns-73br
Aliases: CVE-2022-35937 GHSA-pxrw-j2fv-hx3h |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-vbq8-42vx-b3hz
Aliases: CVE-2022-41907 GHSA-368v-7v32-52fx |
Affected by 23 other vulnerabilities. Affected by 22 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
|
VCID-vfgz-fss4-wbgu
Aliases: BIT-tensorflow-2022-23574 CVE-2022-23574 GHSA-77gp-3h4r-6428 PYSEC-2022-138 PYSEC-2022-83 |
Tensorflow is an Open Source Machine Learning Framework. There is a typo in TensorFlow's `SpecializeType` which results in heap OOB read/write. Due to a typo, `arg` is initialized to the `i`th mutable argument in a loop where the loop index is `j`. Hence it is possible to assign to `arg` from outside the vector of arguments. Since this is a mutable proto value, it allows both read and write to outside of bounds data. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range. |
Affected by 124 other vulnerabilities. |
|
VCID-vgv7-xc3c-1fb3
Aliases: BIT-tensorflow-2022-23564 CVE-2022-23564 GHSA-8rcj-c8pj-v3m3 PYSEC-2022-128 PYSEC-2022-73 |
Tensorflow is an Open Source Machine Learning Framework. When decoding a resource handle tensor from protobuf, a TensorFlow process can encounter cases where a `CHECK` assertion is invalidated based on user controlled arguments. This allows attackers to cause denial of services in TensorFlow processes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 124 other vulnerabilities. |
|
VCID-vnn5-y8ez-rub9
Aliases: BIT-tensorflow-2022-23568 CVE-2022-23568 GHSA-6445-fm66-fvq2 PYSEC-2022-132 PYSEC-2022-77 |
Tensorflow is an Open Source Machine Learning Framework. The implementation of `AddManySparseToTensorsMap` is vulnerable to an integer overflow which results in a `CHECK`-fail when building new `TensorShape` objects (so, an assert failure based denial of service). We are missing some validation on the shapes of the input tensors as well as directly constructing a large `TensorShape` with user-provided dimensions. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 124 other vulnerabilities. |
|
VCID-vpyd-he5n-b3a4
Aliases: BIT-tensorflow-2022-21739 CVE-2022-21739 GHSA-3mw4-6rj6-74g5 PYSEC-2022-118 PYSEC-2022-63 |
Tensorflow is an Open Source Machine Learning Framework. The implementation of `QuantizedMaxPool` has an undefined behavior where user controlled inputs can trigger a reference binding to null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 124 other vulnerabilities. |
|
VCID-vqxg-mnz4-13cg
Aliases: BIT-tensorflow-2022-23570 CVE-2022-23570 GHSA-9p77-mmrw-69c7 PYSEC-2022-134 PYSEC-2022-79 |
Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, TensorFlow might do a null-dereference if attributes of some mutable arguments to some operations are missing from the proto. This is guarded by a `DCHECK`. However, `DCHECK` is a no-op in production builds and an assertion failure in debug builds. In the first case execution proceeds to the dereferencing of the null pointer, whereas in the second case it results in a crash due to the assertion failure. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range. |
Affected by 124 other vulnerabilities. |
|
VCID-wfh9-ew6v-nyhy
Aliases: CVE-2022-29191 GHSA-fv25-wrff-wf86 |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-wm5z-8hpe-1ug6
Aliases: CVE-2022-36027 GHSA-79h2-q768-fpxr |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-ww95-y388-3ben
Aliases: CVE-2022-29196 GHSA-5v77-j66x-4c4g |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-x1r9-72db-xqf6
Aliases: CVE-2022-36014 GHSA-7j3m-8g3c-9qqq |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-x2t2-4sa6-qygs
Aliases: BIT-tensorflow-2022-23561 CVE-2022-23561 GHSA-9c78-vcq7-7vxq PYSEC-2022-125 PYSEC-2022-70 |
Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause a write outside of bounds of an array in TFLite. In fact, the attacker can override the linked list used by the memory allocator. This can be leveraged for an arbitrary write primitive under certain conditions. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 124 other vulnerabilities. |
|
VCID-x5x3-2cyz-xbhe
Aliases: BIT-tensorflow-2022-23578 CVE-2022-23578 GHSA-8r7c-3cm2-3h8f PYSEC-2022-142 PYSEC-2022-87 |
Tensorflow is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the implementation of `ImmutableExecutorState::Initialize`. Here, we set `item->kernel` to `nullptr` but it is a simple `OpKernel*` pointer so the memory that was previously allocated to it would leak. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 124 other vulnerabilities. |
|
VCID-xn72-z6kg-q7bp
Aliases: GHSA-wcv5-vrvr-3rx2 GMS-2022-50 GMS-2022-53 GMS-2022-56 |
Integer Overflow or Wraparound in TensorFlow ### Impact The Grappler component of TensorFlow is vulnerable to a denial of service via `CHECK`-failure in constant folding for ; // ... } ``` The `output_prop` tensor has a shape that is controlled by user input and this can result in triggering one of the `CHECK`s in the `PartialTensorShape` constructor. This is an instance of TFSA-2021-198 . ### Patches We have patched the issue in GitHub commit be7b286d40bc68cb0b56f702186cc4837d508058 fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. ### For more information Please consult [our security guide] for more information regarding the security model and how to contact us with issues and questions. |
Affected by 124 other vulnerabilities. |
|
VCID-xp3m-ntp9-6bf4
Aliases: CVE-2022-41909 GHSA-rjx6-v474-2ch9 |
Affected by 23 other vulnerabilities. Affected by 22 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
|
VCID-y5s1-jyr5-eqfa
Aliases: CVE-2022-35989 GHSA-j43h-pgmg-5hjq |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-y8ed-ynrx-37af
Aliases: GHSA-43q8-3fv7-pr5x GMS-2022-48 GMS-2022-51 GMS-2022-54 |
Improper Validation of Integrity Check Value in TensorFlow The implementation of `tf.sparse.split` does not fully validate the input arguments. |
Affected by 124 other vulnerabilities. |
|
VCID-y9yr-d3rq-97dq
Aliases: CVE-2022-35934 GHSA-f4w6-h4f5-wx45 |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-yvag-32h1-yfc5
Aliases: BIT-tensorflow-2022-21740 CVE-2022-21740 GHSA-44qp-9wwf-734r PYSEC-2022-119 PYSEC-2022-64 |
Tensorflow is an Open Source Machine Learning Framework. The implementation of `SparseCountSparseOutput` is vulnerable to a heap overflow. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 124 other vulnerabilities. |
|
VCID-yvdh-xkxd-uyb2
Aliases: CVE-2022-41888 GHSA-6x99-gv2v-q76v |
Affected by 23 other vulnerabilities. Affected by 22 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
|
VCID-yvef-kyv2-qbea
Aliases: GHSA-h6gw-r52c-724r GMS-2022-49 GMS-2022-52 GMS-2022-55 |
NULL Pointer Dereference and Access of Uninitialized Pointer in TensorFlow ### Impact The code for boosted trees in TensorFlow is still missing validation. This allows malicious users to read and write outside of bounds of heap allocated data as well as trigger denial of service (via dereferencing `nullptr`s or via `CHECK`-failures). This follows after CVE-2021-41208 where these APIs were still vulnerable to multiple security issues. **Note**: Given that the boosted trees implementation in TensorFlow is unmaintained, it is recommend to no longer use these APIs. Instead, please use the downstream [TensorFlow Decision Forests] project which is newer and supports more features. These APIs are now deprecated in TensorFlow 2.8. We will remove TensorFlow's boosted trees APIs in subsequent releases. ### Patches We have patched the known issues in multiple GitHub commits. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. This should allow users to use existing boosted trees APIs for a while until they migrate to TensorFlow Decision Forests while guaranteeing that known vulnerabilities are fixed. ### For more information Please consult our security guide for more information regarding the security model and how to contact us with issues and questions. ### Attribution These vulnerabilities have been reported by Yu Tian of Qihoo 360 AIVul Team and Faysal Hossain Shezan from University of Virginia. Some of the issues have been discovered internally after a careful audit of the APIs. |
Affected by 124 other vulnerabilities. |
|
VCID-yx57-74vr-rfes
Aliases: CVE-2022-29195 GHSA-h48f-q7rw-hvr7 |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-z5zj-88jh-cked
Aliases: CVE-2022-36015 GHSA-rh87-q4vg-m45j |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-z6dc-pprc-buar
Aliases: CVE-2022-35966 GHSA-4w68-4x85-mjj9 |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-zc6k-2kds-afht
Aliases: CVE-2022-35971 GHSA-9fpg-838v-wpv7 |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-zd9x-yen4-pkdf
Aliases: CVE-2022-41884 GHSA-jq6x-99hj-q636 |
Affected by 23 other vulnerabilities. Affected by 22 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
|
VCID-ztrz-qnwj-2fhd
Aliases: CVE-2022-35988 GHSA-9vqj-64pv-w55c |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-zts1-n99c-cuh1
Aliases: CVE-2022-41911 GHSA-pf36-r9c6-h97j |
Affected by 23 other vulnerabilities. Affected by 22 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
|
VCID-zun3-rnh3-h3e7
Aliases: CVE-2022-35993 GHSA-wq6q-6m32-9rv9 |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
|
VCID-zw94-ns7h-6qg3
Aliases: CVE-2022-29193 GHSA-2p9q-h29j-3f5v |
Affected by 45 other vulnerabilities. Affected by 42 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-1sr1-happ-6ugc | multiple issues |
BIT-tensorflow-2021-41221
CVE-2021-41221 GHSA-cqv6-3phm-hcwx PYSEC-2021-413 PYSEC-2021-630 PYSEC-2021-828 |
| VCID-2cw7-2xzs-abfz | multiple issues |
BIT-tensorflow-2021-41217
CVE-2021-41217 GHSA-5crj-c72x-m7gq PYSEC-2021-409 PYSEC-2021-626 PYSEC-2021-824 |
| VCID-2hqc-3d51-4yf5 | multiple issues |
BIT-tensorflow-2021-41198
CVE-2021-41198 GHSA-2p25-55c9-h58q PYSEC-2021-391 PYSEC-2021-608 PYSEC-2021-806 |
| VCID-5d73-819a-xbeg | multiple issues |
BIT-tensorflow-2021-41209
CVE-2021-41209 GHSA-6hpv-v2rx-c5g6 PYSEC-2021-401 PYSEC-2021-618 PYSEC-2021-816 |
| VCID-5ty2-z944-mbht | multiple issues |
BIT-tensorflow-2021-41214
CVE-2021-41214 GHSA-vwhq-49r4-gj9v PYSEC-2021-406 PYSEC-2021-623 PYSEC-2021-821 |
| VCID-5xgg-h9wh-3uh7 | multiple issues |
BIT-tensorflow-2021-41226
CVE-2021-41226 GHSA-374m-jm66-3vj8 PYSEC-2021-418 PYSEC-2021-635 PYSEC-2021-833 |
| VCID-688g-g33x-67g9 | multiple issues |
BIT-tensorflow-2021-41223
CVE-2021-41223 GHSA-f54p-f6jp-4rhr PYSEC-2021-415 PYSEC-2021-632 PYSEC-2021-830 |
| VCID-9dhc-1f13-5qht | multiple issues |
BIT-tensorflow-2021-41219
CVE-2021-41219 GHSA-4f99-p9c2-3j8x PYSEC-2021-411 PYSEC-2021-628 PYSEC-2021-826 |
| VCID-9gde-ga9q-pqb4 | multiple issues |
BIT-tensorflow-2021-41207
CVE-2021-41207 GHSA-7v94-64hj-m82h PYSEC-2021-399 PYSEC-2021-616 PYSEC-2021-814 |
| VCID-9snf-qxka-83hd | multiple issues |
BIT-tensorflow-2021-41204
CVE-2021-41204 GHSA-786j-5qwq-r36x PYSEC-2021-397 PYSEC-2021-614 PYSEC-2021-812 |
| VCID-aad5-dg9x-53cz | multiple issues |
BIT-tensorflow-2021-41199
CVE-2021-41199 GHSA-5hx2-qx8j-qjqm PYSEC-2021-392 PYSEC-2021-609 PYSEC-2021-807 |
| VCID-b8sr-erwh-5yh8 | multiple issues |
BIT-tensorflow-2021-41228
CVE-2021-41228 GHSA-3rcw-9p9x-582v PYSEC-2021-420 PYSEC-2021-637 PYSEC-2021-835 |
| VCID-bm3u-2ych-eqac | multiple issues |
BIT-tensorflow-2021-41227
CVE-2021-41227 GHSA-j8c8-67vp-6mx7 PYSEC-2021-419 PYSEC-2021-636 PYSEC-2021-834 |
| VCID-cu5c-pmqv-xkdz | multiple issues |
BIT-tensorflow-2021-41200
CVE-2021-41200 GHSA-gh8h-7j2j-qv4f PYSEC-2021-393 PYSEC-2021-610 PYSEC-2021-808 |
| VCID-dj7v-yppg-ckdp | multiple issues |
BIT-tensorflow-2021-41211
CVE-2021-41211 GHSA-cvgx-3v3q-m36c PYSEC-2021-403 PYSEC-2021-620 PYSEC-2021-818 |
| VCID-exm3-hpp6-g7hg | multiple issues |
BIT-tensorflow-2021-41205
CVE-2021-41205 GHSA-49rx-x2rw-pc6f PYSEC-2021-398 PYSEC-2021-615 PYSEC-2021-813 |
| VCID-fa9v-1a1j-5ydf | multiple issues |
BIT-tensorflow-2021-41220
CVE-2021-41220 GHSA-gpfh-jvf9-7wg5 PYSEC-2021-412 PYSEC-2021-629 PYSEC-2021-827 |
| VCID-g144-4yvx-xybr | multiple issues |
BIT-tensorflow-2021-41202
CVE-2021-41202 GHSA-xrqm-fpgr-6hhx PYSEC-2021-395 PYSEC-2021-612 PYSEC-2021-810 |
| VCID-g423-bnfj-kybz | multiple issues |
BIT-tensorflow-2021-41224
CVE-2021-41224 GHSA-rg3m-hqc5-344v PYSEC-2021-416 PYSEC-2021-633 PYSEC-2021-831 |
| VCID-gbft-tx74-wkhf | multiple issues |
BIT-tensorflow-2021-41210
CVE-2021-41210 GHSA-m342-ff57-4jcc PYSEC-2021-402 PYSEC-2021-619 PYSEC-2021-817 |
| VCID-kupu-frrt-pqen | multiple issues |
BIT-tensorflow-2021-41216
CVE-2021-41216 GHSA-3ff2-r28g-w7h9 PYSEC-2021-408 PYSEC-2021-625 PYSEC-2021-823 |
| VCID-myjm-gbbc-qucg | multiple issues |
BIT-tensorflow-2021-41203
CVE-2021-41203 GHSA-7pxj-m4jf-r6h2 PYSEC-2021-396 PYSEC-2021-613 PYSEC-2021-811 |
| VCID-nfr9-fgdn-4kh8 | multiple issues |
BIT-tensorflow-2021-41222
CVE-2021-41222 GHSA-cpf4-wx82-gxp6 PYSEC-2021-414 PYSEC-2021-631 PYSEC-2021-829 |
| VCID-qdnt-cg25-5kdx | multiple issues |
BIT-tensorflow-2021-41197
CVE-2021-41197 GHSA-prcg-wp5q-rv7p PYSEC-2021-390 PYSEC-2021-607 PYSEC-2021-805 |
| VCID-qvnc-gzf6-y3f3 | multiple issues |
BIT-tensorflow-2021-41196
CVE-2021-41196 GHSA-m539-j985-hcr8 PYSEC-2021-389 PYSEC-2021-606 PYSEC-2021-804 |
| VCID-rkx2-5nyj-bbhu | multiple issues |
BIT-tensorflow-2021-41218
CVE-2021-41218 GHSA-9crf-c6qr-r273 PYSEC-2021-410 PYSEC-2021-627 PYSEC-2021-825 |
| VCID-rr2a-8jrx-6ue8 | multiple issues |
BIT-tensorflow-2021-41213
CVE-2021-41213 GHSA-h67m-xg8f-fxcf PYSEC-2021-405 PYSEC-2021-622 PYSEC-2021-820 |
| VCID-rujq-67w1-u3g7 | multiple issues |
BIT-tensorflow-2021-41225
CVE-2021-41225 GHSA-7r94-xv9v-63jw PYSEC-2021-417 PYSEC-2021-634 PYSEC-2021-832 |
| VCID-sb7m-pngm-5fbj | multiple issues |
BIT-tensorflow-2021-41215
CVE-2021-41215 GHSA-x3v8-c8qx-3j3r PYSEC-2021-407 PYSEC-2021-624 PYSEC-2021-822 |
| VCID-w2ns-kqmv-xfan | multiple issues |
BIT-tensorflow-2021-41208
CVE-2021-41208 GHSA-57wx-m983-2f88 PYSEC-2021-400 PYSEC-2021-617 PYSEC-2021-815 |
| VCID-xbt8-r95u-sqbu | multiple issues |
BIT-tensorflow-2021-41201
CVE-2021-41201 GHSA-j86v-p27c-73fm PYSEC-2021-394 PYSEC-2021-611 PYSEC-2021-809 |
| VCID-y7hx-h69v-wfcy | multiple issues |
BIT-tensorflow-2021-41212
CVE-2021-41212 GHSA-fr77-rrx3-cp7g PYSEC-2021-404 PYSEC-2021-621 PYSEC-2021-819 |