AVG-2292 log

Package tensorflow
Status Fixed
Severity Critical
Type multiple issues
Affected 2.5.0-6
Fixed 2.5.1-1
Current 2.18.0-3 [extra]
Ticket None
Created Fri Aug 13 07:59:19 2021
Issue Severity Remote Type Description
CVE-2021-37692 Medium No Denial of service
In TensorFlow before version 2.6.0 under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, C.TF_TString_Dealloc...
CVE-2021-37691 Low No Denial of service
In TensorFlow before version 2.6.0 an attacker can craft a TFLite model that would trigger a division by zero error in LSH implementation.
CVE-2021-37690 Critical No Denial of service
In TensorFlow before version 2.6.0 when running shape functions, some functions (such as MutableHashTableShape) produce extra output information in the form...
CVE-2021-37689 Medium No Denial of service
In TensorFlow before version 2.6.0 an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and...
CVE-2021-37688 Medium No Denial of service
In TensorFlow before version 2.6.0 an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and...
CVE-2021-37687 Medium No Denial of service
In TensorFlow before version 2.6.0 TFLite's GatherNd implementation does not support negative indices but there are no checks for this situation. Hence, an...
CVE-2021-37686 High No Denial of service
In TensorFlow before version 2.6.0 the strided slice implementation in TFLite has a logic bug which can allow an attacker to trigger an infinite loop. This...
CVE-2021-37685 Medium No Information disclosure
In TensorFlow before version 2.6.0 TFLite's expand_dims.cc contains a vulnerability which allows reading one element outside of bounds of heap allocated...
CVE-2021-37684 Low No Denial of service
In TensorFlow before version 2.6.0 the implementations of pooling in TFLite are vulnerable to division by 0 errors as there are no checks for divisors not...
CVE-2021-37683 Low No Denial of service
In TensorFlow before version 2.6.0 the implementation of division in TFLite is vulnerable to a division by 0 error. There is no check that the divisor...
CVE-2021-37682 Medium No Denial of service
In TensorFlow before version 2.6.0 all TFLite operations that use quantization can be made to use unitialized values. For example. The issue stems from the...
CVE-2021-37681 High No Denial of service
In TensorFlow before version 2.6.0 the implementation of SVDF in TFLite is vulnerable to a null pointer error. The GetVariableInput function can return a...
CVE-2021-37680 Low No Denial of service
In TensorFlow before version 2.6.0 the implementation of fully connected layers in TFLite is vulnerable to a division by zero error.
CVE-2021-37679 High No Arbitrary code execution
In TensorFlow before version 2.6.0 it is possible to nest a tf.map_fn within another tf.map_fn call. However, if the input tensor is a RaggedTensor and...
CVE-2021-37678 Critical No Arbitrary code execution
In TensorFlow before version 2.6.0 TensorFlow and Keras can be tricked to perform arbitrary code execution when deserializing a Keras model from YAML...
CVE-2021-37677 Medium No Denial of service
In TensorFlow before version 2.6.0 the shape inference code for tf.raw_ops.Dequantize has a vulnerability that could trigger a denial of service via a...
CVE-2021-37676 Low No Insufficient validation
In TensorFlow before version 2.6.0 an attacker can cause undefined behavior via binding a reference to null pointer in tf.raw_ops.SparseFillEmptyRows. The...
CVE-2021-37675 Medium No Denial of service
In TensorFlow before version 2.6.0 most implementations of convolution operators in TensorFlow are affected by a division by 0 vulnerability where an...
CVE-2021-37674 Medium No Denial of service
In TensorFlow before version 2.6.0 an attacker can trigger a denial of service via a segmentation fault in tf.raw_ops.MaxPoolGrad caused by missing...
CVE-2021-37673 Medium No Denial of service
In TensorFlow before version 2.6.0 an attacker can trigger a denial of service via a CHECK-fail in tf.raw_ops.MapStage. The implementation does not check...
CVE-2021-37672 Medium No Information disclosure
In TensorFlow before version 2.6.0 an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to...
CVE-2021-37671 Low No Insufficient validation
In TensorFlow before version 2.6.0 an attacker can cause undefined behavior via binding a reference to null pointer in tf.raw_ops.Map* and...
CVE-2021-37670 Medium No Information disclosure
In TensorFlow before version 2.6.0 an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to...
CVE-2021-37669 High No Denial of service
In TensorFlow before version 2.6.0 an attacker can cause denial of service in applications serving models using tf.raw_ops.NonMaxSuppressionV5 by triggering...
CVE-2021-37668 Low No Denial of service
In TensorFlow before version 2.6.0 an attacker can cause denial of service in applications serving models using tf.raw_ops.UnravelIndex by triggering a...
CVE-2021-37667 Low No Insufficient validation
In TensorFlow before version 2.6.0 an attacker can cause undefined behavior via binding a reference to null pointer in tf.raw_ops.UnicodeEncode. The...
CVE-2021-37666 Low No Insufficient validation
In TensorFlow before version 2.6.0 an attacker can cause undefined behavior via binding a reference to null pointer in tf.raw_ops.RaggedTensorToVariant. The...
CVE-2021-37665 Medium No Insufficient validation
In TensorFlow before version 2.6.0 due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior via...
CVE-2021-37664 Medium No Information disclosure
In TensorFlow before version 2.6.0 an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to...
CVE-2021-37663 Medium No Information disclosure
In TensorFlow before version 2.6.0 due to incomplete validation in tf.raw_ops.QuantizeV2, an attacker can trigger undefined behavior via binding a reference...
CVE-2021-37662 Low No Insufficient validation
In TensorFlow before version 2.6.0 an attacker can generate undefined behavior via a reference binding to nullptr in...
CVE-2021-37661 High No Denial of service
In TensorFlow before version 2.6.0 an attacker can cause a denial of service in boosted_trees_create_quantile_stream_resource by using negative arguments....
CVE-2021-37660 Low No Denial of service
In TensorFlow before version 2.6.0 an attacker can cause a floating point exception by calling inplace operations with crafted arguments that would result...
CVE-2021-37659 Low No Information disclosure
In TensorFlow before version 2.6.0 an attacker can cause undefined behavior via binding a reference to null pointer in all binary cwise operations that...
CVE-2021-37658 Low No Information disclosure
In TensorFlow before version 2.6.0 an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type...
CVE-2021-37657 Low No Insufficient validation
In TensorFlow before version 2.6.0 an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type...
CVE-2021-37656 Low No Insufficient validation
In TensorFlow before version 2.6.0 an attacker can cause undefined behavior via binding a reference to null pointer in tf.raw_ops.RaggedTensorToSparse. The...
CVE-2021-37655 High No Information disclosure
In TensorFlow before version 2.6.0 an attacker can trigger a read from outside of bounds of heap allocated data by sending invalid arguments to...
CVE-2021-37654 High No Information disclosure
In TensorFlow before version 2.6.0 an attacker can trigger a crash via a CHECK-fail in debug builds of TensorFlow using tf.raw_ops.ResourceGather or a read...
CVE-2021-37653 Low No Denial of service
In TensorFlow before version 2.6.0 an attacker can trigger a crash via a floating point exception in tf.raw_ops.ResourceGather. The implementation computes...
CVE-2021-37652 High No Arbitrary code execution
In TensorFlow before version 2.6.0 the implementation for tf.raw_ops.BoostedTreesCreateEnsemble can result in a use after free error if an attacker supplies...
CVE-2021-37651 High No Information disclosure
In TensorFlow before version 2.6.0 the implementation for tf.raw_ops.FractionalAvgPoolGrad can be tricked into accessing data outside of bounds of heap...
CVE-2021-37650 High No Denial of service
In TensorFlow before version 2.6.0 the implementation for tf.raw_ops.ExperimentalDatasetToTFRecord and tf.raw_ops.DatasetToTFRecord can trigger heap buffer...
CVE-2021-37649 Low No Denial of service
In TensorFlow before version 2.6.0, the code for tf.raw_ops.UncompressElement can be made to trigger a null pointer dereference. The implementation obtains...
CVE-2021-37648 Medium No Denial of service
In TensorFlow before version 2.6.0 the code for tf.raw_ops.SaveV2 does not properly validate the inputs and an attacker can trigger a null pointer...
CVE-2021-37647 Low No Denial of service
In TensorFlow before version 2.6.0, when a user does not supply arguments that determine a valid sparse tensor, tf.raw_ops.SparseTensorSliceDataset...
CVE-2021-37646 Medium No Incorrect calculation
In TensorFlow before version 2.6.0 the implementation of tf.raw_ops.StringNGrams is vulnerable to an integer overflow issue caused by converting a signed...
CVE-2021-37645 Medium No Incorrect calculation
In TensorFlow before version 2.6.0 the implementation of tf.raw_ops.QuantizeAndDequantizeV4Grad is vulnerable to an integer overflow issue caused by...
CVE-2021-37644 Medium No Denial of service
In TensorFlow before version 2.6.0 providing a negative element to num_elements list argument of tf.raw_ops.TensorListReserve causes the runtime to abort...
CVE-2021-37643 Low No Denial of service
In TensorFlow before version 2.6.0, If a user does not provide a valid padding value to tf.raw_ops.MatrixDiagPartOp, then the code triggers a null pointer...
CVE-2021-37642 Low No Denial of service
In TensorFlow before version 2.6.0 the implementation of tf.raw_ops.ResourceScatterDiv is vulnerable to a division by 0 error. The implementation uses a...
CVE-2021-37641 Low No Information disclosure
In TensorFlow before version 2.6.0 if the arguments to tf.raw_ops.RaggedGather don't determine a valid ragged tensor code can trigger a read from outside of...
CVE-2021-37640 Low No Denial of service
In TensorFlow before version 2.6.0 the implementation of tf.raw_ops.SparseReshape can be made to trigger an integral division by 0 exception. The...
CVE-2021-37639 Low No Information disclosure
In TensorFlow before version 2.6.0, when restoring tensors via raw APIs, if the tensor name is not provided, TensorFlow can be tricked into dereferencing a...
CVE-2021-37638 Low No Denial of service
In TensorFlow before version 2.6.0, sending invalid argument for row_partition_types of tf.raw_ops.RaggedTensorToTensor API results in a null pointer...
CVE-2021-37637 Low No Denial of service
In TensorFlow before version 2.6.0 it is possible to trigger a null pointer dereference in TensorFlow by passing an invalid input to...
CVE-2021-37636 Low No Denial of service
In TensorFlow before version 2.6.0 the implementation of tf.raw_ops.SparseDenseCwiseDiv is vulnerable to a division by 0 error. The implementation uses a...
CVE-2021-37635 Medium No Information disclosure
In TensorFlow before version 2.6.0 the implementation of sparse reduction operations in TensorFlow can trigger accesses outside of bounds of heap allocated...