VYPR

PyPI package

tensorflow

pkg:pypi/tensorflow

Vulnerabilities (427)

  • CVE-2022-35940MedSep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. The `RaggedRangOp` function takes an argument `limits` that is eventually used to construct a `TensorShape` as an `int64`. If `limits` is a very large float, it can overflow when converted to an `int64`. This triggers an

  • CVE-2022-35939HigSep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. The `ScatterNd` function takes an input argument that determines the indices of of the output tensor. An input index greater than the output tensor or less than zero will either write content at the wrong index or trigge

  • CVE-2022-35937HigSep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. The `GatherNd` function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read is triggered. This issue has

  • CVE-2022-35935MedSep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. The implementation of SobolSampleOp is vulnerable to a denial of service via CHECK-failure (assertion failure) caused by assuming `input(0)`, `input(1)`, and `input(2)` to be scalar. This issue has been patched in GitHub

  • CVE-2022-35934MedSep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. The implementation of tf.reshape op in TensorFlow is vulnerable to a denial of service via CHECK-failure (assertion failure) caused by overflowing the number of elements in a tensor. This issue has been patched in GitHub

  • CVE-2022-29216HigMay 21, 2022
    affected < 2.6.4fixed 2.6.4

    TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, TensorFlow's `saved_model_cli` tool is vulnerable to a code injection. This can be used to open a reverse shell. This code path was maintained for compatibility reasons a

  • CVE-2022-29213MedMay 21, 2022
    affected < 2.6.4fixed 2.6.4

    TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the `tf.compat.v1.signal.rfft2d` and `tf.compat.v1.signal.rfft3d` lack input validation and under certain condition can result in crashes (due to `CHECK`-failures). Versi

  • CVE-2022-29212MedMay 21, 2022
    affected < 2.6.4fixed 2.6.4

    TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, certain TFLite models that were created using TFLite model converter would crash when loaded in the TFLite interpreter. The culprit is that during quantization the scale

  • CVE-2022-29211MedMay 21, 2022
    affected < 2.6.4fixed 2.6.4

    TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.histogram_fixed_width` is vulnerable to a crash when the values array contain `Not a Number` (`NaN`) elements. The implementation assumes that a

  • CVE-2022-29210MedMay 21, 2022
    affected >= 2.8.0, < 2.8.1fixed 2.8.1

    TensorFlow is an open source platform for machine learning. In version 2.8.0, the `TensorKey` hash function used total estimated `AllocatedBytes()`, which (a) is an estimate per tensor, and (b) is a very poor hash function for constants (e.g. `int32_t`). It also tried to access i

  • CVE-2022-29209MedMay 21, 2022
    affected < 2.6.4fixed 2.6.4

    TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the macros that TensorFlow uses for writing assertions (e.g., `CHECK_LT`, `CHECK_GT`, etc.) have an incorrect logic when comparing `size_t` and `int` values. Due to type

  • CVE-2022-29208HigMay 20, 2022
    affected < 2.6.4fixed 2.6.4

    TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.EditDistance` has incomplete validation. Users can pass negative values to cause a segmentation fault based denial of service. In multip

  • CVE-2022-29206MedMay 20, 2022
    affected < 2.6.4fixed 2.6.4

    TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SparseTensorDenseAdd` does not fully validate the input arguments. In this case, a reference gets bound to a `nullptr` during kernel exe

  • CVE-2022-29205MedMay 20, 2022
    affected < 2.6.4fixed 2.6.4

    TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, there is a potential for segfault / denial of service in TensorFlow by calling `tf.compat.v1.*` ops which don't yet have support for quantized types, which was added afte

  • CVE-2022-29204MedMay 20, 2022
    affected < 2.6.4fixed 2.6.4

    TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.UnsortedSegmentJoin` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denia

  • CVE-2022-29203MedMay 20, 2022
    affected < 2.6.4fixed 2.6.4

    TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SpaceToBatchND` (in all backends such as XLA and handwritten kernels) is vulnerable to an integer overflow: The result of this integer o

  • CVE-2022-29202MedMay 20, 2022
    affected < 2.6.4fixed 2.6.4

    TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.ragged.constant` does not fully validate the input arguments. This results in a denial of service by consuming all available memory. Versions 2.

  • CVE-2022-29201MedMay 20, 2022
    affected < 2.6.4fixed 2.6.4

    TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.QuantizedConv2D` does not fully validate the input arguments. In this case, references get bound to `nullptr` for each argument that is

  • CVE-2022-29207MedMay 20, 2022
    affected < 2.6.4fixed 2.6.4

    TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, multiple TensorFlow operations misbehave in eager mode when the resource handle provided to them is invalid. In graph mode, it would have been impossible to perform these

  • CVE-2022-29200MedMay 20, 2022
    affected < 2.6.4fixed 2.6.4

    TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.LSTMBlockCell` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of s

Page 6 of 22