Latest Google TensorFlow Vulnerabilities

TensorFlow is an open source machine learning framework. In versions prior to 2.11.1, a malicious invalid input crashes a TensorFlow model (Check Failed) and can be used to trigger a denial of service ...
Google TensorFlow<2.11.1
TensorFlow is an open source machine learning platform. Prior to versions 2.12.0 and 2.11.1, `nn_ops.fractional_avg_pool_v2` and `nn_ops.fractional_max_pool_v2` require the first and fourth elements o...
Google TensorFlow<2.12.0
TensorFlow is an end-to-end open source platform for machine learning. Constructing a tflite model with a parameter `filter_input_channel` of less than 1 gives an FPE. This issue has been patched in ve...
Google TensorFlow<2.12.0
TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, `tf.raw_ops.ParallelConcat` segfaults with a nullptr dereference when given a paramet...
Google TensorFlow<2.12.0
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the stride and window size are not positive for `tf.raw_ops.AvgPoolGrad`, it can give a floating poi...
Google TensorFlow<2.12.0
TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a Floating Point Exception in TensorListSplit with XLA. A fix is included in TensorFlow version 2.1...
Google TensorFlow<2.12.0
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, integer overflow occurs when `2^31 <= num_frames * height * width * channels < 2^32`, for example Full ...
Google TensorFlow<2.12.0
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is an out-of-bounds read in GRUBlockCellGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1.
Google TensorFlow<2.12.0
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a floating point exception in AudioSpectrogram. A fix is included in TensorFlow version 2.12.0...
Google TensorFlow<2.12.0
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a heap buffer overflow in TAvgPoolGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1.
Google TensorFlow<2.12.0
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when the parameter `summarize` of `tf.raw_ops.Print` is zero, the new method `SummarizeArray<bool>` wil...
Google TensorFlow<2.12.0
TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a null pointer error in QuantizedMatMulWithBiasAndDequantize with MKL enabled. A fix is included in T...
Google TensorFlow<2.12.0
TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 are vulnerable to integer overflow in EditDistance. A fix is included in TensorFlow version 2.12.0 and v...
Google TensorFlow<2.12.0
TensorFlow is an open source machine learning platform. Versions prior to 2.12.0 and 2.11.1 have a null pointer error in RandomShuffle with XLA enabled. A fix is included in TensorFlow 2.12.0 and 2.11...
Google TensorFlow<2.12.0
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when `ctx->step_container()` is a null pointer, the Lookup function will be executed with a null pointer. ...
Google TensorFlow<2.12.0
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when `SparseSparseMaximum` is given invalid sparse tensors as inputs, it can give a null pointer error....
Google TensorFlow<2.12.0
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the parameter `indices` for `DynamicStitch` does not match the shape of the parameter `data`, it can...
Google TensorFlow<2.12.0
TensorFlow is an open source platform for machine learning. Attackers using TensorFlow prior to 2.12.0 or 2.11.1 can access heap memory that is not under the user's control, leading to a crash or remot...
Google TensorFlow<2.12.0
TensorFlow is an open source platform for machine learning. The function `tf.raw_ops.LookupTableImportV2` cannot handle scalars in the `values` parameter and gives an NPE. A fix is included in TensorF...
Google TensorFlow<2.12.0
TensorFlow is an open source platform for machine learning. There is out-of-bounds access due to mismatched integer type sizes. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.
Google TensorFlow<2.12.0
TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, `tf.raw_ops.Bincount` segfaults when given a parameter `weights` that is neither the ...
Google TensorFlow<2.12.0
TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than o...
Google TensorFlow<2.8.4
Google TensorFlow>=2.9.0<2.9.3
Google TensorFlow=2.10.0
Impact: The function [MakeGrapplerFunctionItem](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/grappler/utils/functions.cc#L221) takes arguments that determine the siz...
Google TensorFlow<2.8.4
Google TensorFlow>=2.9.0<2.9.3
Google TensorFlow=2.10.0
TensorFlow is an open source platform for machine learning. When printing a tensor, we get its data as a `const char*` array (since that's the underlying storage) and then we typecast it to the eleme...
Google TensorFlow<2.8.4
Google TensorFlow>=2.9.0<2.9.3
Google TensorFlow=2.10.0
TensorFlow is an open source platform for machine learning. An input `token` that is not a UTF-8 bytestring will trigger a `CHECK` fail in `tf.raw_ops.PyFunc`. We have patched the issue in GitHub comm...
Google TensorFlow<2.8.4
Google TensorFlow>=2.9.0<2.9.3
Google TensorFlow=2.10.0
Google TensorFlow<2.8.4
Google TensorFlow>=2.9.0<2.9.3
Google TensorFlow>=2.10.0<2.10.1
TensorFlow is an open source platform for machine learning. An input `sparse_matrix` that is not a matrix with a shape with rank 0 will trigger a `CHECK` fail in `tf.raw_ops.SparseMatrixNNZ`. We have ...
Google TensorFlow<2.8.4
Google TensorFlow>=2.9.0<2.9.3
Google TensorFlow>=2.10.0<2.10.1
TensorFlow is an open source platform for machine learning. The security vulnerability results in FractionalMax(AVG)Pool with illegal pooling_ratio. Attackers using TensorFlow can exploit the vulnerab...
Google TensorFlow<2.8.4
Google TensorFlow>=2.9.0<2.9.3
Google TensorFlow=2.10.0
TensorFlow is an open source platform for machine learning. If `SparseFillEmptyRowsGrad` is given empty inputs, TensorFlow will crash. We have patched the issue in GitHub commit af4a6a3c8b95022c351eda...
Google TensorFlow<2.8.4
Google TensorFlow>=2.9.0<2.9.3
Google TensorFlow>=2.10.0<2.10.1
TensorFlow is an open source platform for machine learning. Inputs `dense_features` or `example_state_data` not of rank 2 will trigger a `CHECK` fail in `SdcaOptimizer`. We have patched the issue in G...
Google TensorFlow<2.8.4
Google TensorFlow>=2.9.0<2.9.3
Google TensorFlow=2.10.0
TensorFlow is an open source platform for machine learning. If `FractionMaxPoolGrad` is given outsize inputs `row_pooling_sequence` and `col_pooling_sequence`, TensorFlow will crash. We have patched t...
Google TensorFlow<2.8.4
Google TensorFlow>=2.9.0<2.9.3
Google TensorFlow>=2.10.0<2.10.1
TensorFlow is an open source platform for machine learning. If `MirrorPadGrad` is given outsize input `paddings`, TensorFlow will give a heap OOB error. We have patched the issue in GitHub commit 717c...
Google TensorFlow<2.8.4
Google TensorFlow>=2.9.0<2.9.3
Google TensorFlow>=2.10.0<2.10.1
TensorFlow is an open source platform for machine learning. If `ThreadUnsafeUnigramCandidateSampler` is given input `filterbank_channel_count` greater than the allowed max size, TensorFlow will crash....
Google TensorFlow<2.8.4
Google TensorFlow>=2.9.0<2.9.3
Google TensorFlow>=2.10.0<2.10.1
TensorFlow is an open source platform for machine learning. If `tf.raw_ops.TensorListResize` is given a nonscalar value for input `size`, it results in a `CHECK` fail which can be used to trigger a denial ...
Google TensorFlow<2.8.4
Google TensorFlow>=2.9.0<2.9.3
Google TensorFlow>=2.10.0<2.10.1
TensorFlow is an open source platform for machine learning. The reference kernel of the `CONV_3D_TRANSPOSE` TensorFlow Lite operator wrongly increments the data_ptr when adding the bias to the result....
Google TensorFlow<2.8.4
Google TensorFlow>=2.9.0<2.9.3
Google TensorFlow>=2.10.0<2.10.1
TensorFlow is an open source platform for machine learning. If `tf.raw_ops.TensorListConcat` is given `element_shape=[]`, it results in a segmentation fault which can be used to trigger a denial of service...
Google TensorFlow<2.8.4
Google TensorFlow>=2.9.0<2.9.3
Google TensorFlow>=2.10.0<2.10.1
TensorFlow is an open source platform for machine learning. If `BCast::ToShape` is given input larger than an `int32`, it will crash, despite being supposed to handle up to an `int64`. An example can ...
Google TensorFlow<2.8.4
Google TensorFlow>=2.9.0<2.9.3
Google TensorFlow>=2.10.0<2.10.1
TensorFlow is an open source platform for machine learning. If a list of quantized tensors is assigned to an attribute, the pywrap code fails to parse the tensor and returns a `nullptr`, which is not ...
Google TensorFlow<2.8.4
Google TensorFlow>=2.9.0<2.9.3
Google TensorFlow>=2.10.0<2.10.1
TensorFlow is an open source platform for machine learning. When `tf.raw_ops.FusedResizeAndPadConv2D` is given a large tensor shape, it overflows. We have patched the issue in GitHub commit d66e1d5682...
Google TensorFlow<2.7.4
Google TensorFlow>=2.8.0<2.8.1
Google TensorFlow>=2.9.0<2.9.1
Google TensorFlow=2.10.0-rc0
Google TensorFlow=2.10.0-rc1
Google TensorFlow=2.10.0-rc2
and 1 more
TensorFlow is an open source platform for machine learning. When the `BaseCandidateSamplerOp` function receives a value in `true_classes` larger than `range_max`, a heap oob read occurs. We have patch...
Google TensorFlow<2.8.4
Google TensorFlow>=2.9.0<2.9.3
Google TensorFlow=2.10.0
TensorFlow is an open source platform for machine learning. When ops that have specified input sizes receive a differing number of inputs, the executor will crash. We have patched the issue in GitHub ...
Google TensorFlow=2.10.0
Google TensorFlow=2.10.0-rc0
Google TensorFlow=2.10.0-rc1
Google TensorFlow=2.10.0-rc2
Google TensorFlow=2.10.0-rc3
TensorFlow is an open source platform for machine learning. When `mlir::tfg::TFOp::nameAttr` receives null type list attributes, it crashes. We have patched the issue in GitHub commits 3a754740d5414e3...
Google TensorFlow<2.7.2
Google TensorFlow>=2.8.0<2.8.1
Google TensorFlow>=2.9.0<2.9.1
Google TensorFlow=2.10-rc0
Google TensorFlow=2.10-rc1
Google TensorFlow=2.10-rc2
and 1 more
TensorFlow is an open source platform for machine learning. When `mlir::tfg::ConvertGenericFunctionToFunctionDef` is given empty function attributes, it crashes. We have patched the issue in GitHub co...
Google TensorFlow<2.7.2
Google TensorFlow>=2.8.0<2.8.1
Google TensorFlow>=2.9.0<2.9.1
Google TensorFlow=2.10-rc0
Google TensorFlow=2.10-rc1
Google TensorFlow=2.10-rc2
and 1 more
TensorFlow is an open source platform for machine learning. When `mlir::tfg::ConvertGenericFunctionToFunctionDef` is given empty function attributes, it gives a null dereference. We have patched the i...
Google TensorFlow<2.7.2
Google TensorFlow>=2.8.0<2.8.1
Google TensorFlow>=2.9.0<2.9.1
Google TensorFlow=2.10-rc0
Google TensorFlow=2.10-rc1
Google TensorFlow=2.10-rc2
and 1 more
TensorFlow is an open source platform for machine learning. When converting transposed convolutions using per-channel weight quantization the converter segfaults and crashes the Python process. We hav...
Google TensorFlow<2.7.2
Google TensorFlow>=2.8.0<2.8.1
Google TensorFlow>=2.9.0<2.9.1
Google TensorFlow=2.10-rc0
Google TensorFlow=2.10-rc1
Google TensorFlow=2.10-rc2
and 1 more
TensorFlow is an open source platform for machine learning. When `mlir::tfg::GraphDefImporter::ConvertNodeDef` tries to convert NodeDefs without an op name, it crashes. We have patched the issue in Gi...
Google TensorFlow<2.7.2
Google TensorFlow>=2.8.0<2.8.1
Google TensorFlow>=2.9.0<2.9.1
Google TensorFlow=2.10-rc0
Google TensorFlow=2.10-rc1
Google TensorFlow=2.10-rc2
and 1 more
TensorFlow is an open source platform for machine learning. When `tensorflow::full_type::SubstituteFromAttrs` receives a `FullTypeDef& t` that is not exactly three args, it triggers a `CHECK`-fail ins...
Google TensorFlow<2.7.2
Google TensorFlow>=2.8.0<2.8.1
Google TensorFlow>=2.9.0<2.9.1
Google TensorFlow=2.10-rc0
Google TensorFlow=2.10-rc1
Google TensorFlow=2.10-rc2
and 1 more
TensorFlow is an open source platform for machine learning. When `RangeSize` receives values that do not fit into an `int64_t`, it crashes. We have patched the issue in GitHub commit 37e64539cd29fcfb8...
Google TensorFlow<2.7.2
Google TensorFlow>=2.8.0<2.8.1
Google TensorFlow>=2.9.0<2.9.1
Google TensorFlow=2.10-rc0
Google TensorFlow=2.10-rc1
Google TensorFlow=2.10-rc2
and 1 more
TensorFlow is an open source platform for machine learning. If `Requantize` is given `input_min`, `input_max`, `requested_output_min`, `requested_output_max` tensors of a nonzero rank, it results in a...
Google TensorFlow<2.7.2
Google TensorFlow>=2.8.0<2.8.1
Google TensorFlow>=2.9.0<2.9.1
Google TensorFlow=2.10-rc0
Google TensorFlow=2.10-rc1
Google TensorFlow=2.10-rc2
and 1 more
TensorFlow is an open source platform for machine learning. When `tf.quantization.fake_quant_with_min_max_vars_gradient` receives input `min` or `max` that is nonscalar, it gives a `CHECK` fail that c...
Google TensorFlow<2.7.2
Google TensorFlow>=2.8.0<2.8.1
Google TensorFlow>=2.9.0<2.9.1
Google TensorFlow=2.10-rc0
Google TensorFlow=2.10-rc1
Google TensorFlow=2.10-rc2
and 1 more
