VYPR

rpm package

opensuse/tensorflow2_2_1_2-gnu-hpc&distro=openSUSE Leap 15.2

pkg:rpm/opensuse/tensorflow2_2_1_2-gnu-hpc&distro=openSUSE%20Leap%2015.2

Vulnerabilities (16)

  • CVE-2020-15202 (Sep 25, 2020)
    affected < 2.1.2-lp152.7.3.1, fixed 2.1.2-lp152.7.3.1

    In TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `Shard` API in TensorFlow expects the last argument to be a function taking two `int64` (i.e., `long long`) arguments. However, there are several places in TensorFlow where a lambda taking `int` or `int32` a

  • CVE-2020-15203 (Sep 25, 2020)
    affected < 2.1.2-lp152.7.3.1, fixed 2.1.2-lp152.7.3.1

    In TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the `fill` argument of tf.strings.as_string, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format used in a `printf` call is constructed. This ma

  • CVE-2020-15204 (Sep 25, 2020)
    affected < 2.1.2-lp152.7.3.1, fixed 2.1.2-lp152.7.3.1

    In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 does not set the session state. Hence, calling `tf.raw_ops.GetSessionHandle` or `tf.raw_ops.GetSessionHandleV2` results in a null pointer dereference. In the linked snippet, in eager mode, `ctx->session_st

  • CVE-2020-15205 (Sep 25, 2020)
    affected < 2.1.2-lp152.7.3.1, fixed 2.1.2-lp152.7.3.1

    In TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `data_splits` argument of `tf.raw_ops.StringNGrams` lacks validation. This allows a user to pass values that can cause heap overflow errors and even leak contents of memory. In the linked code snippet, all th

  • CVE-2020-15206 (Sep 25, 2020)
    affected < 2.1.2-lp152.7.3.1, fixed 2.1.2-lp152.7.3.1

    In TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, changing TensorFlow's `SavedModel` protocol buffer and altering the name of required keys results in segfaults and data corruption while loading the model. This can cause a denial of service in products usin

  • CVE-2020-15207 (Sep 25, 2020)
    affected < 2.1.2-lp152.7.3.1, fixed 2.1.2-lp152.7.3.1

    In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, to mimic Python's indexing with negative values, TFLite uses `ResolveAxis` to convert negative values to positive indices. However, the only check that the converted index is now valid is only present in de

  • CVE-2020-15208 (Sep 25, 2020)
    affected < 2.1.2-lp152.7.3.1, fixed 2.1.2-lp152.7.3.1

    In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, mali

  • CVE-2020-15209 (Sep 25, 2020)
    affected < 2.1.2-lp152.7.3.1, fixed 2.1.2-lp152.7.3.1

    In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor

  • CVE-2020-15210 (Sep 25, 2020)
    affected < 2.1.2-lp152.7.3.1, fixed 2.1.2-lp152.7.3.1

    In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issu

  • CVE-2020-15211 (Sep 25, 2020)
    affected < 2.1.2-lp152.7.3.1, fixed 2.1.2-lp152.7.3.1

    In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer f

  • CVE-2020-15191 (Sep 25, 2020)
    affected < 2.1.2-lp152.7.3.1, fixed 2.1.2-lp152.7.3.1

    In TensorFlow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to `dlpack.to_dlpack` the expected validations will cause variables to bind to `nullptr` while setting a `status` variable to the error condition. However, this `status` argument is not properly c

  • CVE-2020-15192 (Sep 25, 2020)
    affected < 2.1.2-lp152.7.3.1, fixed 2.1.2-lp152.7.3.1

    In TensorFlow before versions 2.2.1 and 2.3.1, if a user passes a list of strings to `dlpack.to_dlpack` there is a memory leak following an expected validation failure. The issue occurs because the `status` argument during validation failures is not properly checked. Since each o

  • CVE-2020-15193 (Sep 25, 2020)
    affected < 2.1.2-lp152.7.3.1, fixed 2.1.2-lp152.7.3.1

    In TensorFlow before versions 2.2.1 and 2.3.1, the implementation of `dlpack.to_dlpack` can be made to use uninitialized memory resulting in further memory corruption. This is because the pybind11 glue code assumes that the argument is a tensor. However, there is nothing stopping

  • CVE-2020-15194 (Sep 25, 2020)
    affected < 2.1.2-lp152.7.3.1, fixed 2.1.2-lp152.7.3.1

    In TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `SparseFillEmptyRowsGrad` implementation has incomplete validation of the shapes of its arguments. Although `reverse_index_map_t` and `grad_values_t` are accessed in a similar pattern, only `reverse_index_ma

  • CVE-2020-15195 (Sep 25, 2020)
    affected < 2.1.2-lp152.7.3.1, fixed 2.1.2-lp152.7.3.1

    In TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of `SparseFillEmptyRowsGrad` uses a double indexing pattern. It is possible for `reverse_index_map(i)` to be an index outside of bounds of `grad_values`, thus resulting in a heap buffer overfl

  • CVE-2020-15190 (Sep 25, 2020)
    affected < 2.1.2-lp152.7.3.1, fixed 2.1.2-lp152.7.3.1

    In TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `tf.raw_ops.Switch` operation takes as input a tensor and a boolean and outputs two tensors. Depending on the boolean value, one of the tensors is exactly the input tensor whereas the other one should be an