Denial of Service in TensorFlow
Description
TensorFlow is an Open Source Machine Learning Framework. In versions prior to 2.11.1 a malicious invalid input crashes a tensorflow model (Check Failed) and can be used to trigger a denial of service attack. A proof of concept can be constructed with the Convolution3DTranspose function. This Convolution3DTranspose layer is a very common API in modern neural networks. The ML models containing such vulnerable components could be deployed in ML applications or as cloud services. This failure could be potentially used to trigger a denial of service attack on ML cloud services. An attacker must have privilege to provide input to a Convolution3DTranspose call. This issue has been patched and users are advised to upgrade to version 2.11.1. There are no known workarounds for this vulnerability.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
tensorflowPyPI | < 2.11.1 | 2.11.1 |
tensorflow-cpuPyPI | < 2.11.1 | 2.11.1 |
Affected products
1- Range: < 2.11.1
Patches
285db5d07db54Add a test case for keras.layers.Convolution3DTranspose to verify zero input shape does not raise errors
1 file changed · +6 −0
keras/layers/convolutional/conv_test.py+6 −0 modified@@ -448,6 +448,12 @@ def test_conv3d_invalid_output_shapes(self): layer = keras.layers.Conv3D(**kwargs) layer.build((None, 5, 5, 5, 2)) + def test_conv3d_zero_dim_output(self): + conv = keras.layers.Convolution3DTranspose(2, [3, 3, 3], padding="same") + x = tf.random.uniform([1, 32, 32, 0, 3], dtype=tf.float32) + # The layer doesn't crash with 0 dim input + _ = conv(x) + @test_combinations.run_all_keras_modes(always_skip_v1=True) class GroupedConvTest(test_combinations.TestCase):
948fe6369a57Fix nn.conv3d_transpose security vulnerability with illegal input shape
2 files changed · +20 −1
tensorflow/core/kernels/conv_grad_ops_3d.cc+5 −0 modified@@ -1322,6 +1322,11 @@ class Conv3DBackpropInputOp<GPUDevice, T> : public OpKernel { Tensor* in_backprop; OP_REQUIRES_OK(context, context->allocate_output(0, input_shape, &in_backprop)); + for (std::size_t i = 0; i < input_shape.dims(); ++i) { + if (input_shape.dim_size(i) == 0) { + return; + } + } auto* stream = context->op_device_context()->stream(); OP_REQUIRES(context, stream, errors::Internal("No GPU stream available."));
tensorflow/python/kernel_tests/nn_ops/conv3d_transpose_test.py+15 −1 modified@@ -126,7 +126,7 @@ def testConv3DTransposeShapeMismatch(self): x_value = np.random.random_sample(x_shape).astype(np.float64) f_value = np.random.random_sample(f_shape).astype(np.float64) nn_ops.conv3d_transpose( - x_value, f_value, y_shape, strides, data_format='NCDHW') + x_value, f_value, y_shape, strides, data_format="NCDHW") def testConv3DTransposeOutputShapeType(self): # Test case for GitHub issue 18887 @@ -218,6 +218,20 @@ def testGradient(self): err_tolerance = 0.00055 self.assertLess(err, err_tolerance) + def testConv3DTransposeZeroShapeDoNotRaiseError(self): + with self.cached_session(): + x_value = np.zeros([10, 0, 2, 3, 3]) + f_value = np.ones((3, 3, 3, 3, 3)) + y_shape = np.stack([10, 0, 2, 3, 3]) + output = nn_ops.conv3d_transpose( + x_value, + f_value, + y_shape, + strides=(1, 1, 1), + data_format="NDHWC", + padding="SAME", + ) + _ = self.evaluate(output) if __name__ == "__main__": test.main()
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5- github.com/advisories/GHSA-fxgc-95xx-grvqghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-25661ghsaADVISORY
- github.com/keras-team/keras/commit/85db5d07db54b853484bfd358c3894d948c36bafghsaWEB
- github.com/tensorflow/tensorflow/commit/948fe6369a5711d4b4568ea9bbf6015c6dfb77e2ghsax_refsource_MISCWEB
- github.com/tensorflow/tensorflow/security/advisories/GHSA-fxgc-95xx-grvqghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.