Bitnami package
tensorflow
pkg:bitnami/tensorflow
Vulnerabilities (423)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-35952 | — | >= 2.7.0, < 2.7.2 | 2.7.2 | Sep 16, 2022 | TensorFlow is an open source platform for machine learning. The `UnbatchGradOp` function takes an argument `id` that is assumed to be a scalar. A nonscalar `id` can trigger a `CHECK` failure and crash the program. It also requires its argument `batch_index` to contain three times | ||
| CVE-2022-35940 | — | >= 2.7.0, < 2.7.2 | 2.7.2 | Sep 16, 2022 | TensorFlow is an open source platform for machine learning. The `RaggedRangOp` function takes an argument `limits` that is eventually used to construct a `TensorShape` as an `int64`. If `limits` is a very large float, it can overflow when converted to an `int64`. This triggers an | ||
| CVE-2022-35941 | — | >= 2.7.0, < 2.7.2 | 2.7.2 | Sep 16, 2022 | TensorFlow is an open source platform for machine learning. The `AvgPoolOp` function takes an argument `ksize` that must be positive but is not checked. A negative `ksize` can trigger a `CHECK` failure and crash the program. We have patched the issue in GitHub commit 3a6ac52664c6 | ||
| CVE-2022-35937 | — | >= 2.7.0, < 2.7.2 | 2.7.2 | Sep 16, 2022 | TensorFlow is an open source platform for machine learning. The `GatherNd` function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read is triggered. This issue has | ||
| CVE-2022-35939 | — | >= 2.7.0, < 2.7.2 | 2.7.2 | Sep 16, 2022 | TensorFlow is an open source platform for machine learning. The `ScatterNd` function takes an input argument that determines the indices of of the output tensor. An input index greater than the output tensor or less than zero will either write content at the wrong index or trigge | ||
| CVE-2022-35935 | — | >= 2.7.0, < 2.7.2 | 2.7.2 | Sep 16, 2022 | TensorFlow is an open source platform for machine learning. The implementation of SobolSampleOp is vulnerable to a denial of service via CHECK-failure (assertion failure) caused by assuming `input(0)`, `input(1)`, and `input(2)` to be scalar. This issue has been patched in GitHub | ||
| CVE-2022-35938 | — | >= 2.7.0, < 2.7.2 | 2.7.2 | Sep 16, 2022 | TensorFlow is an open source platform for machine learning. The `GatherNd` function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. Thi | ||
| CVE-2022-35934 | — | >= 2.7.0, < 2.7.2 | 2.7.2 | Sep 16, 2022 | TensorFlow is an open source platform for machine learning. The implementation of tf.reshape op in TensorFlow is vulnerable to a denial of service via CHECK-failure (assertion failure) caused by overflowing the number of elements in a tensor. This issue has been patched in GitHub | ||
| CVE-2022-29216 | — | < 2.6.4 | 2.6.4 | May 20, 2022 | TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, TensorFlow's `saved_model_cli` tool is vulnerable to a code injection. This can be used to open a reverse shell. This code path was maintained for compatibility reasons a | ||
| CVE-2022-29213 | — | < 2.6.4 | 2.6.4 | May 20, 2022 | TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the `tf.compat.v1.signal.rfft2d` and `tf.compat.v1.signal.rfft3d` lack input validation and under certain condition can result in crashes (due to `CHECK`-failures). Versi | ||
| CVE-2022-29210 | — | >= 2.8.0, < 2.8.1 | 2.8.1 | May 20, 2022 | TensorFlow is an open source platform for machine learning. In version 2.8.0, the `TensorKey` hash function used total estimated `AllocatedBytes()`, which (a) is an estimate per tensor, and (b) is a very poor hash function for constants (e.g. `int32_t`). It also tried to access i | ||
| CVE-2022-29209 | — | < 2.6.4 | 2.6.4 | May 20, 2022 | TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the macros that TensorFlow uses for writing assertions (e.g., `CHECK_LT`, `CHECK_GT`, etc.) have an incorrect logic when comparing `size_t` and `int` values. Due to type | ||
| CVE-2022-29211 | — | < 2.6.4 | 2.6.4 | May 20, 2022 | TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.histogram_fixed_width` is vulnerable to a crash when the values array contain `Not a Number` (`NaN`) elements. The implementation assumes that a | ||
| CVE-2022-29212 | — | < 2.6.4 | 2.6.4 | May 20, 2022 | TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, certain TFLite models that were created using TFLite model converter would crash when loaded in the TFLite interpreter. The culprit is that during quantization the scale | ||
| CVE-2022-29201 | — | < 2.6.4 | 2.6.4 | May 20, 2022 | TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.QuantizedConv2D` does not fully validate the input arguments. In this case, references get bound to `nullptr` for each argument that is | ||
| CVE-2022-29202 | — | < 2.6.4 | 2.6.4 | May 20, 2022 | TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.ragged.constant` does not fully validate the input arguments. This results in a denial of service by consuming all available memory. Versions 2. | ||
| CVE-2022-29203 | — | < 2.6.4 | 2.6.4 | May 20, 2022 | TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SpaceToBatchND` (in all backends such as XLA and handwritten kernels) is vulnerable to an integer overflow: The result of this integer o | ||
| CVE-2022-29204 | — | >= 1.15.0, < 2.6.4 | 2.6.4 | May 20, 2022 | TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.UnsortedSegmentJoin` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denia | ||
| CVE-2022-29208 | — | < 2.6.4 | 2.6.4 | May 20, 2022 | TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.EditDistance` has incomplete validation. Users can pass negative values to cause a segmentation fault based denial of service. In multip | ||
| CVE-2022-29205 | — | < 2.6.4 | 2.6.4 | May 20, 2022 | TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, there is a potential for segfault / denial of service in TensorFlow by calling `tf.compat.v1.*` ops which don't yet have support for quantized types, which was added afte |
- CVE-2022-35952Sep 16, 2022affected >= 2.7.0, < 2.7.2fixed 2.7.2
TensorFlow is an open source platform for machine learning. The `UnbatchGradOp` function takes an argument `id` that is assumed to be a scalar. A nonscalar `id` can trigger a `CHECK` failure and crash the program. It also requires its argument `batch_index` to contain three times
- CVE-2022-35940Sep 16, 2022affected >= 2.7.0, < 2.7.2fixed 2.7.2
TensorFlow is an open source platform for machine learning. The `RaggedRangOp` function takes an argument `limits` that is eventually used to construct a `TensorShape` as an `int64`. If `limits` is a very large float, it can overflow when converted to an `int64`. This triggers an
- CVE-2022-35941Sep 16, 2022affected >= 2.7.0, < 2.7.2fixed 2.7.2
TensorFlow is an open source platform for machine learning. The `AvgPoolOp` function takes an argument `ksize` that must be positive but is not checked. A negative `ksize` can trigger a `CHECK` failure and crash the program. We have patched the issue in GitHub commit 3a6ac52664c6
- CVE-2022-35937Sep 16, 2022affected >= 2.7.0, < 2.7.2fixed 2.7.2
TensorFlow is an open source platform for machine learning. The `GatherNd` function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read is triggered. This issue has
- CVE-2022-35939Sep 16, 2022affected >= 2.7.0, < 2.7.2fixed 2.7.2
TensorFlow is an open source platform for machine learning. The `ScatterNd` function takes an input argument that determines the indices of of the output tensor. An input index greater than the output tensor or less than zero will either write content at the wrong index or trigge
- CVE-2022-35935Sep 16, 2022affected >= 2.7.0, < 2.7.2fixed 2.7.2
TensorFlow is an open source platform for machine learning. The implementation of SobolSampleOp is vulnerable to a denial of service via CHECK-failure (assertion failure) caused by assuming `input(0)`, `input(1)`, and `input(2)` to be scalar. This issue has been patched in GitHub
- CVE-2022-35938Sep 16, 2022affected >= 2.7.0, < 2.7.2fixed 2.7.2
TensorFlow is an open source platform for machine learning. The `GatherNd` function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. Thi
- CVE-2022-35934Sep 16, 2022affected >= 2.7.0, < 2.7.2fixed 2.7.2
TensorFlow is an open source platform for machine learning. The implementation of tf.reshape op in TensorFlow is vulnerable to a denial of service via CHECK-failure (assertion failure) caused by overflowing the number of elements in a tensor. This issue has been patched in GitHub
- CVE-2022-29216May 20, 2022affected < 2.6.4fixed 2.6.4
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, TensorFlow's `saved_model_cli` tool is vulnerable to a code injection. This can be used to open a reverse shell. This code path was maintained for compatibility reasons a
- CVE-2022-29213May 20, 2022affected < 2.6.4fixed 2.6.4
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the `tf.compat.v1.signal.rfft2d` and `tf.compat.v1.signal.rfft3d` lack input validation and under certain condition can result in crashes (due to `CHECK`-failures). Versi
- CVE-2022-29210May 20, 2022affected >= 2.8.0, < 2.8.1fixed 2.8.1
TensorFlow is an open source platform for machine learning. In version 2.8.0, the `TensorKey` hash function used total estimated `AllocatedBytes()`, which (a) is an estimate per tensor, and (b) is a very poor hash function for constants (e.g. `int32_t`). It also tried to access i
- CVE-2022-29209May 20, 2022affected < 2.6.4fixed 2.6.4
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the macros that TensorFlow uses for writing assertions (e.g., `CHECK_LT`, `CHECK_GT`, etc.) have an incorrect logic when comparing `size_t` and `int` values. Due to type
- CVE-2022-29211May 20, 2022affected < 2.6.4fixed 2.6.4
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.histogram_fixed_width` is vulnerable to a crash when the values array contain `Not a Number` (`NaN`) elements. The implementation assumes that a
- CVE-2022-29212May 20, 2022affected < 2.6.4fixed 2.6.4
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, certain TFLite models that were created using TFLite model converter would crash when loaded in the TFLite interpreter. The culprit is that during quantization the scale
- CVE-2022-29201May 20, 2022affected < 2.6.4fixed 2.6.4
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.QuantizedConv2D` does not fully validate the input arguments. In this case, references get bound to `nullptr` for each argument that is
- CVE-2022-29202May 20, 2022affected < 2.6.4fixed 2.6.4
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.ragged.constant` does not fully validate the input arguments. This results in a denial of service by consuming all available memory. Versions 2.
- CVE-2022-29203May 20, 2022affected < 2.6.4fixed 2.6.4
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SpaceToBatchND` (in all backends such as XLA and handwritten kernels) is vulnerable to an integer overflow: The result of this integer o
- CVE-2022-29204May 20, 2022affected >= 1.15.0, < 2.6.4fixed 2.6.4
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.UnsortedSegmentJoin` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denia
- CVE-2022-29208May 20, 2022affected < 2.6.4fixed 2.6.4
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.EditDistance` has incomplete validation. Users can pass negative values to cause a segmentation fault based denial of service. In multip
- CVE-2022-29205May 20, 2022affected < 2.6.4fixed 2.6.4
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, there is a potential for segfault / denial of service in TensorFlow by calling `tf.compat.v1.*` ops which don't yet have support for quantized types, which was added afte
Page 6 of 22