VYPR

PyPI package

tensorflow

pkg:pypi/tensorflow

Vulnerabilities (427)

  • CVE-2022-36000MedSep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. When `mlir::tfg::ConvertGenericFunctionToFunctionDef` is given empty function attributes, it gives a null dereference. We have patched the issue in GitHub commit aed36912609fc07229b4d0a7b44f3f48efc00fd0. The fix will be

  • CVE-2022-35999MedSep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. When `Conv2DBackpropInput` receives empty `out_backprop` inputs (e.g. `[3, 1, 0, 1]`), the current CPU/GPU kernels `CHECK` fail (one with dnnl, the other with cudnn). This can be used to trigger a denial of service attac

  • CVE-2022-35998MedSep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. If `EmptyTensorList` receives an input `element_shape` with more than one dimension, it gives a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit c8ba76d48567

  • CVE-2022-35997MedSep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. If `tf.sparse.cross` receives an input `separator` that is not a scalar, it gives a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 83dcb4dbfa094e33db084e97

  • CVE-2022-35996MedSep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. If `Conv2D` is given empty `input` and the `filter` and `padding` sizes are valid, the output is all-zeros. This causes division-by-zero floating point exceptions that can be used to trigger a denial of service attack. W

  • CVE-2022-35995MedSep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. When `AudioSummaryV2` receives an input `sample_rate` with more than one element, it gives a `CHECK` fails that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit bf6b45244992e2

  • CVE-2022-35994MedSep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. When `CollectiveGather` receives an scalar input `input`, it gives a `CHECK` fails that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit c1f491817dec39a26be3c574e86a88c30f3c47

  • CVE-2022-35993MedSep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. When `SetSize` receives an input `set_shape` that is not a 1D tensor, it gives a `CHECK` fails that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit cf70b79d2662c0d3c6af745836

  • CVE-2022-35992MedSep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. When `TensorListFromTensor` receives an `element_shape` of a rank greater than one, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 3db59a042a38f4338aa20792

  • CVE-2022-35991MedSep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. When `TensorListScatter` and `TensorListScatterV2` receive an `element_shape` of a rank greater than one, they give a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit b

  • CVE-2022-36026MedSep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. If `QuantizeAndDequantizeV3` is given a nonscalar `num_bits` input tensor, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit f3f9cb38ecfe5a8a7

  • CVE-2022-36019MedSep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. If `FakeQuantWithMinMaxVarsPerChannel` is given `min` or `max` tensors of a rank other than one, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub co

  • CVE-2022-36018MedSep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. If `RaggedTensorToVariant` is given a `rt_nested_splits` list that contains tensors of ranks other than one, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue

  • CVE-2022-35990MedSep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. When `tf.quantization.fake_quant_with_min_max_vars_per_channel_gradient` receives input `min` or `max` of rank other than 1, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue

  • CVE-2022-35989MedSep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. When `MaxPool` receives a window size input array `ksize` with dimensions greater than its input tensor `input`, the GPU kernel gives a `CHECK` fail that can be used to trigger a denial of service attack. We have patched

  • CVE-2022-35988MedSep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. When `tf.linalg.matrix_rank` receives an empty input `a`, the GPU kernel gives a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit c55b476aa0e0bd4ee99d0f3ad18

  • CVE-2022-35987MedSep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. `DenseBincount` assumes its input tensor `weights` to either have the same shape as its input tensor `input` or to be length-0. A different `weights` shape will trigger a `CHECK` fail that can be used to trigger a denial

  • CVE-2022-35986MedSep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. If `RaggedBincount` is given an empty input tensor `splits`, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 7a4591fd4f065f4fa903593bc39b2f79530

  • CVE-2022-35985MedSep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. If `LRNGrad` is given an `output_image` input tensor that is not 4-D, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit bd90b3efab4ec958b228cd

  • CVE-2022-35984MedSep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. `ParameterizedTruncatedNormal` assumes `shape` is of type `int32`. A valid `shape` of type `int64` results in a mismatched type `CHECK` fail that can be used to trigger a denial of service attack. We have patched the iss

Page 4 of 22