PyPI package
tensorflow-cpu
pkg:pypi/tensorflow-cpu
Vulnerabilities (417)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-29554 | — | >= 2.3.0, < 2.3.3 | 2.3.3 | May 14, 2021 | TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a FPE runtime error in `tf.raw_ops.DenseCountSparseOutput`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/efff014f3b2d8ef6141da3 | ||
| CVE-2021-29512 | — | >= 2.3.0, < 2.3.3 | 2.3.3 | May 14, 2021 | TensorFlow is an end-to-end open source platform for machine learning. If the `splits` argument of `RaggedBincount` does not specify a valid `SparseTensor`(https://www.tensorflow.org/api_docs/python/tf/sparse/SparseTensor), then an attacker can trigger a heap buffer overflow. Thi | ||
| CVE-2020-26266 | — | < 1.15.5 | 1.15.5 | Dec 10, 2020 | In affected versions of TensorFlow under certain cases a saved model can trigger use of uninitialized values during code execution. This is caused by having tensor buffers be filled with the default value of the type but forgetting to default initialize the quantized floating poi | ||
| CVE-2020-26267 | — | < 1.15.5 | 1.15.5 | Dec 10, 2020 | In affected versions of TensorFlow the tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format attributes. The code assumes that these two arguments define a permutation of NHWC. This can result in uninitialized memory accesses, read outside of bounds | ||
| CVE-2020-26268 | — | < 1.15.5 | 1.15.5 | Dec 10, 2020 | In affected versions of TensorFlow the tf.raw_ops.ImmutableConst operation returns a constant tensor created from a memory mapped file which is assumed immutable. However, if the type of the tensor is not an integral type, the operation crashes the Python interpreter as it tries | ||
| CVE-2020-26269 | — | >= 2.4.0rc0, < 2.4.0 | 2.4.0 | Dec 10, 2020 | In TensorFlow release candidate versions 2.4.0rc*, the general implementation for matching filesystem paths to globbing pattern is vulnerable to an access out of bounds of the array holding the directories. There are multiple invariants and preconditions that are assumed by the p | ||
| CVE-2020-26270 | — | < 1.15.5 | 1.15.5 | Dec 10, 2020 | In affected versions of TensorFlow running an LSTM/GRU model where the LSTM/GRU layer receives an input with zero-length results in a CHECK failure when using the CUDA backend. This can result in a query-of-death vulnerability, via denial of service, if users can control the inpu | ||
| CVE-2020-26271 | — | < 1.15.5 | 1.15.5 | Dec 10, 2020 | In affected versions of TensorFlow under certain cases, loading a saved model can result in accessing uninitialized memory while building the computation graph. The MakeEdge function creates an edge between one output tensor of the src node (given by output_index) and the input s | ||
| CVE-2020-15266 | — | < 2.4.0 | 2.4.0 | Oct 21, 2020 | In Tensorflow before version 2.4.0, when the `boxes` argument of `tf.image.crop_and_resize` has a very large value, the CPU kernel implementation receives it as a C++ `nan` floating point value. Attempting to operate on this is undefined behavior which later produces a segmentati | ||
| CVE-2020-15265 | — | < 2.4.0 | 2.4.0 | Oct 21, 2020 | In Tensorflow before version 2.4.0, an attacker can pass an invalid `axis` value to `tf.quantization.quantize_and_dequantize`. This results in accessing a dimension outside the rank of the input tensor in the C++ kernel implementation. However, dim_size only does a DCHECK to vali | ||
| CVE-2020-15212 | — | >= 2.2.0, < 2.2.1 | 2.2.1 | Sep 25, 2020 | In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Users having access to `segment_ids_data` can alter `output_index` and then write | ||
| CVE-2020-15213 | — | >= 2.2.0, < 2.2.1 | 2.2.1 | Sep 25, 2020 | In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a denial of service by causing an out of memory allocation in the implementation of segment sum. Since code uses the last element of the tensor holding them to determine the dimensionality of | ||
| CVE-2020-15214 | — | >= 2.2.0, < 2.2.1 | 2.2.1 | Sep 25, 2020 | In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a write out bounds / segmentation fault if the segment ids are not sorted. Code assumes that the segment ids are in increasing order, using the last element of the tensor holding them to dete | ||
| CVE-2020-15201 | — | >= 2.3.0, < 2.3.1 | 2.3.1 | Sep 25, 2020 | In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the values in the `splits` tensor generate a valid partitioning of the `values` tenso | ||
| CVE-2020-15202 | — | < 1.15.4 | 1.15.4 | Sep 25, 2020 | In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `Shard` API in TensorFlow expects the last argument to be a function taking two `int64` (i.e., `long long`) arguments. However, there are several places in TensorFlow where a lambda taking `int` or `int32` a | ||
| CVE-2020-15203 | — | < 1.15.4 | 1.15.4 | Sep 25, 2020 | In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the `fill` argument of tf.strings.as_string, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a `printf` call is constructed. This ma | ||
| CVE-2020-15204 | — | < 1.15.4 | 1.15.4 | Sep 25, 2020 | In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 does not set the session state. Hence, calling `tf.raw_ops.GetSessionHandle` or `tf.raw_ops.GetSessionHandleV2` results in a null pointer dereference In linked snippet, in eager mode, `ctx->session_st | ||
| CVE-2020-15205 | — | < 1.15.4 | 1.15.4 | Sep 25, 2020 | In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `data_splits` argument of `tf.raw_ops.StringNGrams` lacks validation. This allows a user to pass values that can cause heap overflow errors and even leak contents of memory In the linked code snippet, all th | ||
| CVE-2020-15206 | — | < 1.15.4 | 1.15.4 | Sep 25, 2020 | In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, changing the TensorFlow's `SavedModel` protocol buffer and altering the name of required keys results in segfaults and data corruption while loading the model. This can cause a denial of service in products usin | ||
| CVE-2020-15207 | — | < 1.15.4 | 1.15.4 | Sep 25, 2020 | In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, to mimic Python's indexing with negative values, TFLite uses `ResolveAxis` to convert negative values to positive indices. However, the only check that the converted index is now valid is only present in de |
- CVE-2021-29554May 14, 2021affected >= 2.3.0, < 2.3.3fixed 2.3.3
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a FPE runtime error in `tf.raw_ops.DenseCountSparseOutput`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/efff014f3b2d8ef6141da3
- CVE-2021-29512May 14, 2021affected >= 2.3.0, < 2.3.3fixed 2.3.3
TensorFlow is an end-to-end open source platform for machine learning. If the `splits` argument of `RaggedBincount` does not specify a valid `SparseTensor`(https://www.tensorflow.org/api_docs/python/tf/sparse/SparseTensor), then an attacker can trigger a heap buffer overflow. Thi
- CVE-2020-26266Dec 10, 2020affected < 1.15.5fixed 1.15.5
In affected versions of TensorFlow under certain cases a saved model can trigger use of uninitialized values during code execution. This is caused by having tensor buffers be filled with the default value of the type but forgetting to default initialize the quantized floating poi
- CVE-2020-26267Dec 10, 2020affected < 1.15.5fixed 1.15.5
In affected versions of TensorFlow the tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format attributes. The code assumes that these two arguments define a permutation of NHWC. This can result in uninitialized memory accesses, read outside of bounds
- CVE-2020-26268Dec 10, 2020affected < 1.15.5fixed 1.15.5
In affected versions of TensorFlow the tf.raw_ops.ImmutableConst operation returns a constant tensor created from a memory mapped file which is assumed immutable. However, if the type of the tensor is not an integral type, the operation crashes the Python interpreter as it tries
- CVE-2020-26269Dec 10, 2020affected >= 2.4.0rc0, < 2.4.0fixed 2.4.0
In TensorFlow release candidate versions 2.4.0rc*, the general implementation for matching filesystem paths to globbing pattern is vulnerable to an access out of bounds of the array holding the directories. There are multiple invariants and preconditions that are assumed by the p
- CVE-2020-26270Dec 10, 2020affected < 1.15.5fixed 1.15.5
In affected versions of TensorFlow running an LSTM/GRU model where the LSTM/GRU layer receives an input with zero-length results in a CHECK failure when using the CUDA backend. This can result in a query-of-death vulnerability, via denial of service, if users can control the inpu
- CVE-2020-26271Dec 10, 2020affected < 1.15.5fixed 1.15.5
In affected versions of TensorFlow under certain cases, loading a saved model can result in accessing uninitialized memory while building the computation graph. The MakeEdge function creates an edge between one output tensor of the src node (given by output_index) and the input s
- CVE-2020-15266Oct 21, 2020affected < 2.4.0fixed 2.4.0
In Tensorflow before version 2.4.0, when the `boxes` argument of `tf.image.crop_and_resize` has a very large value, the CPU kernel implementation receives it as a C++ `nan` floating point value. Attempting to operate on this is undefined behavior which later produces a segmentati
- CVE-2020-15265Oct 21, 2020affected < 2.4.0fixed 2.4.0
In Tensorflow before version 2.4.0, an attacker can pass an invalid `axis` value to `tf.quantization.quantize_and_dequantize`. This results in accessing a dimension outside the rank of the input tensor in the C++ kernel implementation. However, dim_size only does a DCHECK to vali
- CVE-2020-15212Sep 25, 2020affected >= 2.2.0, < 2.2.1fixed 2.2.1
In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Users having access to `segment_ids_data` can alter `output_index` and then write
- CVE-2020-15213Sep 25, 2020affected >= 2.2.0, < 2.2.1fixed 2.2.1
In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a denial of service by causing an out of memory allocation in the implementation of segment sum. Since code uses the last element of the tensor holding them to determine the dimensionality of
- CVE-2020-15214Sep 25, 2020affected >= 2.2.0, < 2.2.1fixed 2.2.1
In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a write out bounds / segmentation fault if the segment ids are not sorted. Code assumes that the segment ids are in increasing order, using the last element of the tensor holding them to dete
- CVE-2020-15201Sep 25, 2020affected >= 2.3.0, < 2.3.1fixed 2.3.1
In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the values in the `splits` tensor generate a valid partitioning of the `values` tenso
- CVE-2020-15202Sep 25, 2020affected < 1.15.4fixed 1.15.4
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `Shard` API in TensorFlow expects the last argument to be a function taking two `int64` (i.e., `long long`) arguments. However, there are several places in TensorFlow where a lambda taking `int` or `int32` a
- CVE-2020-15203Sep 25, 2020affected < 1.15.4fixed 1.15.4
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the `fill` argument of tf.strings.as_string, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a `printf` call is constructed. This ma
- CVE-2020-15204Sep 25, 2020affected < 1.15.4fixed 1.15.4
In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 does not set the session state. Hence, calling `tf.raw_ops.GetSessionHandle` or `tf.raw_ops.GetSessionHandleV2` results in a null pointer dereference In linked snippet, in eager mode, `ctx->session_st
- CVE-2020-15205Sep 25, 2020affected < 1.15.4fixed 1.15.4
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `data_splits` argument of `tf.raw_ops.StringNGrams` lacks validation. This allows a user to pass values that can cause heap overflow errors and even leak contents of memory In the linked code snippet, all th
- CVE-2020-15206Sep 25, 2020affected < 1.15.4fixed 1.15.4
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, changing the TensorFlow's `SavedModel` protocol buffer and altering the name of required keys results in segfaults and data corruption while loading the model. This can cause a denial of service in products usin
- CVE-2020-15207Sep 25, 2020affected < 1.15.4fixed 1.15.4
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, to mimic Python's indexing with negative values, TFLite uses `ResolveAxis` to convert negative values to positive indices. However, the only check that the converted index is now valid is only present in de
Page 20 of 21