Log

CVE-2021-37639 created at 13 Aug 2021 07:58:02
Severity
+ Low
Remote
+ Local
Type
+ Information disclosure
Description
+ In TensorFlow before version 2.6.0, when restoring tensors via raw APIs, if the tensor name is not provided, TensorFlow can be tricked into dereferencing a null pointer. Alternatively, attackers can read memory outside the bounds of heap-allocated data by providing some tensor names but not enough for a successful restoration. The implementation retrieves the tensor list corresponding to the user-controlled tensor_name input and immediately retrieves the tensor at the restoration index (controlled via the preferred_shard argument). This occurs without validating that the provided list has enough values. If the list is empty, this results in dereferencing a null pointer (undefined behavior). If, however, the list has some elements but the restoration index is outside its bounds, this results in a heap OOB read.
References
+ https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gh6x-4whr-2qv4
+ https://github.com/tensorflow/tensorflow/commit/9e82dce6e6bd1f36a57e08fa85af213e2b2f2622
Notes
CVE-2021-37640 created at 13 Aug 2021 07:58:01
Severity
+ Low
Remote
+ Local
Type
+ Denial of service
Description
+ In TensorFlow before version 2.6.0, the implementation of tf.raw_ops.SparseReshape can be made to trigger an integral division by 0 exception. The implementation calls the reshaping functor whenever there is at least one index in the input but does not check that the shape of the input and the target shape both have a non-zero number of elements. The reshape functor blindly divides by the dimensions of the target shape. Hence, if this is not checked, the code will divide by 0.
References
+ https://github.com/tensorflow/tensorflow/security/advisories/GHSA-95xm-g58g-3p88
+ https://github.com/tensorflow/tensorflow/commit/4923de56ec94fff7770df259ab7f2288a74feb41
Notes
CVE-2021-37642 created at 13 Aug 2021 07:58:01
Severity
+ Low
Remote
+ Local
Type
+ Denial of service
Description
+ In TensorFlow before version 2.6.0 the implementation of tf.raw_ops.ResourceScatterDiv is vulnerable to a division by 0 error. The implementation uses a common class for all binary operations but fails to treat the division by 0 case separately.
References
+ https://github.com/tensorflow/tensorflow/security/advisories/GHSA-ch4f-829c-v5pw
+ https://github.com/tensorflow/tensorflow/commit/4aacb30888638da75023e6601149415b39763d76
Notes
CVE-2021-37641 created at 13 Aug 2021 07:58:01
Severity
+ Low
Remote
+ Local
Type
+ Information disclosure
Description
+ In TensorFlow before version 2.6.0, if the arguments to tf.raw_ops.RaggedGather don't determine a valid ragged tensor, the code can trigger a read from outside the bounds of heap-allocated buffers. The implementation directly reads the first dimension of a tensor shape before checking that said tensor has rank of at least 1 (i.e., it is not a scalar). Furthermore, the implementation does not check that the list given by params_nested_splits is not an empty list of tensors.
References
+ https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9c8h-vvrj-w2p8
+ https://github.com/tensorflow/tensorflow/commit/a2b743f6017d7b97af1fe49087ae15f0ac634373
Notes
CVE-2021-37644 created at 13 Aug 2021 07:58:01
Severity
+ Medium
Remote
+ Local
Type
+ Denial of service
Description
+ In TensorFlow before version 2.6.0, providing a negative element to the num_elements list argument of tf.raw_ops.TensorListReserve causes the runtime to abort the process due to reallocating a std::vector to have a negative number of elements. The implementation calls std::vector.resize() with the new size controlled by input given by the user, without checking that this input is valid.
References
+ https://github.com/tensorflow/tensorflow/security/advisories/GHSA-27j5-4p9v-pp67
+ https://github.com/tensorflow/tensorflow/commit/8a6e874437670045e6c7dc6154c7412b4a2135e2
Notes
CVE-2021-37643 created at 13 Aug 2021 07:58:01
Severity
+ Low
Remote
+ Local
Type
+ Denial of service
Description
+ In TensorFlow before version 2.6.0, if a user does not provide a valid padding value to tf.raw_ops.MatrixDiagPartOp, then the code triggers a null pointer dereference (if the input is empty) or produces invalid behavior, ignoring all values after the first. The implementation reads the first value from a tensor buffer without first checking that the tensor has values to read from.
References
+ https://github.com/tensorflow/tensorflow/commit/482da92095c4d48f8784b1f00dda4f81c28d2988
+ https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fcwc-p4fc-c5cc
Notes
CVE-2021-37645 created at 13 Aug 2021 07:58:01
Severity
+ Medium
Remote
+ Local
Type
+ Incorrect calculation
Description
+ In TensorFlow before version 2.6.0 the implementation of tf.raw_ops.QuantizeAndDequantizeV4Grad is vulnerable to an integer overflow issue caused by converting a signed integer value to an unsigned one and then allocating memory based on this value. The implementation uses the axis value as the size argument to absl::InlinedVector constructor. But, the constructor uses an unsigned type for the argument, so the implicit conversion transforms the negative value to a large integer.
References
+ https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9w2p-5mgw-p94c
+ https://github.com/tensorflow/tensorflow/commit/96f364a1ca3009f98980021c4b32be5fdcca33a1
Notes
CVE-2021-37646 created at 13 Aug 2021 07:58:01
Severity
+ Medium
Remote
+ Local
Type
+ Incorrect calculation
Description
+ In TensorFlow before version 2.6.0, the implementation of tf.raw_ops.StringNGrams is vulnerable to an integer overflow issue caused by converting a signed integer value to an unsigned one and then allocating memory based on this value. The implementation calls reserve on a tstring with a value that can sometimes be negative if the user supplies negative ngram_widths. The reserve method calls TF_TString_Reserve, which has an unsigned long argument for the size of the buffer. Hence, the implicit conversion transforms the negative value to a large integer.
References
+ https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h6jh-7gv5-28vg
+ https://github.com/tensorflow/tensorflow/commit/c283e542a3f422420cfdb332414543b62fc4e4a5
Notes
CVE-2021-37647 created at 13 Aug 2021 07:58:01
Severity
+ Low
Remote
+ Local
Type
+ Denial of service
Description
+ In TensorFlow before version 2.6.0, when a user does not supply arguments that determine a valid sparse tensor, the tf.raw_ops.SparseTensorSliceDataset implementation can be made to dereference a null pointer. The implementation has some argument validation but fails to consider the case when either indices or values are provided for an empty sparse tensor when the other is not. If indices is empty, then the code that performs validation (i.e., checking that the indices are monotonically increasing) results in a null pointer dereference. If indices as provided by the user is empty, then indices in the C++ implementation is backed by an empty std::vector, hence calling indices->dim_size(0) results in null pointer dereferencing (same as calling std::vector::at() on an empty vector).
References
+ https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c5x2-p679-95wc
+ https://github.com/tensorflow/tensorflow/commit/02cc160e29d20631de3859c6653184e3f876b9d7
Notes
CVE-2021-37648 created at 13 Aug 2021 07:58:01
Severity
+ Medium
Remote
+ Local
Type
+ Denial of service
Description
+ In TensorFlow before version 2.6.0, the code for tf.raw_ops.SaveV2 does not properly validate the inputs, and an attacker can trigger a null pointer dereference. The implementation uses ValidateInputs to check that the input arguments are valid. This validation would have caught the illegal state represented by the advisory's reproducer. However, the validation uses OP_REQUIRES, which translates to setting the Status object of the current OpKernelContext to an error status, followed by an empty return statement which just terminates the execution of the function it is present in. This does not mean that the kernel execution is finalized: instead, execution continues from the next line in Compute that follows the call to ValidateInputs. This is equivalent to lacking the validation.
References
+ https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wp77-4gmm-7cq8
+ https://github.com/tensorflow/tensorflow/commit/9728c60e136912a12d99ca56e106b7cce7af5986
Notes