issues
advisories
todo
stats
log
login

Log

« prev 1 2 … 468 469 470 471 472 473 474 … 2047 2048 next »

CVE-2021-37659 created at 13 Aug 2021 07:57:59

Severity

Low

Remote

Local

Type

+	Information disclosure

Description

In TensorFlow before version 2.6.0 an attacker can cause undefined behavior via binding a reference to null pointer in all binary cwise operations that don't require broadcasting (e.g., gradients of binary cwise operations). The implementation assumes that the two inputs have exactly the same number of elements but does not check that. Hence, when the eigen functor executes it triggers heap OOB reads and undefined behavior due to binding to nullptr.

References

+	https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q3g3-h9r4-prrc
+	https://github.com/tensorflow/tensorflow/commit/93f428fd1768df147171ed674fee1fc5ab8309ec

Notes

CVE-2021-37660 created at 13 Aug 2021 07:57:59

Severity

Low

Remote

Local

Type

+	Denial of service

Description

+	In TensorFlow before version 2.6.0 an attacker can cause a floating point exception by calling inplace operations with crafted arguments that would result in a division by 0. The implementation has a logic error: it should skip processing if x and v are empty but the code uses \|\| instead of &&.

References

+	https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cm5x-837x-jf3c
+	https://github.com/tensorflow/tensorflow/commit/e86605c0a336c088b638da02135ea6f9f6753618

Notes

CVE-2021-37661 created at 13 Aug 2021 07:57:59

Severity

High

Remote

Local

Type

+	Denial of service

Description

In TensorFlow before version 2.6.0 an attacker can cause a denial of service in boosted_trees_create_quantile_stream_resource by using negative arguments. The implementation does not validate that num_streams only contains non-negative numbers. In turn, this results in using this value to allocate memory. However, reserve receives an unsigned integer so there is an implicit conversion from a negative value to a large positive unsigned. This results in a crash from the standard library.

References

+	https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gf88-j2mg-cc82
+	https://github.com/tensorflow/tensorflow/commit/8a84f7a2b5a2b27ecf88d25bad9ac777cd2f7992

Notes

CVE-2021-37662 created at 13 Aug 2021 07:57:59

Severity

Low

Remote

Local

Type

+	Insufficient validation

Description

In TensorFlow before version 2.6.0 an attacker can generate undefined behavior via a reference binding to nullptr in BoostedTreesCalculateBestGainsPerFeature and similar attack can occur in BoostedTreesCalculateBestFeatureSplitV2. The implementation does not validate the input values.and in commit 429f009d2b2c09028647dd4bb7b3f6f414bbaad7.

References

+	https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f5cx-5wr3-5qrc
+	https://github.com/tensorflow/tensorflow/commit/9c87c32c710d0b5b53dc6fd3bfde4046e1f7a5ad
+	https://github.com/tensorflow/tensorflow/commit/429f009d2b2c09028647dd4bb7b3f6f414bbaad7

Notes

CVE-2021-37664 created at 13 Aug 2021 07:57:59

Severity

Medium

Remote

Local

Type

+	Information disclosure

Description

+	In TensorFlow before version 2.6.0 an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to BoostedTreesSparseCalculateBestFeatureSplit. The implementation needs to validate that each value in stats_summary_indices is in range.

References

+	https://github.com/tensorflow/tensorflow/security/advisories/GHSA-r4c4-5fpq-56wg
+	https://github.com/tensorflow/tensorflow/commit/e84c975313e8e8e38bb2ea118196369c45c51378

Notes

CVE-2021-37663 created at 13 Aug 2021 07:57:59

Severity

Medium

Remote

Local

Type

+	Information disclosure

Description

In TensorFlow before version 2.6.0 due to incomplete validation in tf.raw_ops.QuantizeV2, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap allocated arrays. The implementation has some validation but does not check that min_range and max_range both have the same non-zero number of elements. If axis is provided (i.e., not -1), then validation should check that it is a value in range for the rank of input tensor and then the lengths of min_range and max_range inputs match the axis dimension of the input tensor.

References

+	https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g25h-jr74-qp5j
+	https://github.com/tensorflow/tensorflow/commit/6da6620efad397c85493b8f8667b821403516708

Notes

CVE-2021-37665 created at 13 Aug 2021 07:57:59

Severity

Medium

Remote

Local

Type

+	Insufficient validation

Description

In TensorFlow before version 2.6.0 due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap allocated arrays. The implementation does not validate the dimensions of the input tensor. A similar issue occurs in MklRequantizePerChannelOp. The implementation does not perform full validation for all the input arguments and in the Github commit 203214568f5bc237603dbab6e1fd389f1572f5c9.

References

+	https://github.com/tensorflow/tensorflow/security/advisories/GHSA-v82p-hv3v-p6qp
+	https://github.com/tensorflow/tensorflow/commit/9e62869465573cb2d9b5053f1fa02a81fce21d69
+	https://github.com/tensorflow/tensorflow/commit/203214568f5bc237603dbab6e1fd389f1572f5c9

Notes

CVE-2021-37666 created at 13 Aug 2021 07:57:59

Severity

Low

Remote

Local

Type

+	Insufficient validation

Description

+	In TensorFlow before version 2.6.0 an attacker can cause undefined behavior via binding a reference to null pointer in tf.raw_ops.RaggedTensorToVariant. The implementation has an incomplete validation of the splits values, missing the case when the argument would be empty.

References

+	https://github.com/tensorflow/tensorflow/security/advisories/GHSA-w4xf-2pqw-5mq7
+	https://github.com/tensorflow/tensorflow/commit/be7a4de6adfbd303ce08be4332554dff70362612

Notes

CVE-2021-37667 created at 13 Aug 2021 07:57:58

Severity

Low

Remote

Local

Type

+	Insufficient validation

Description

+	In TensorFlow before version 2.6.0 an attacker can cause undefined behavior via binding a reference to null pointer in tf.raw_ops.UnicodeEncode. The implementation reads the first dimension of the input_splits tensor before validating that this tensor is not empty.

References

+	https://github.com/tensorflow/tensorflow/security/advisories/GHSA-w74j-v8xh-3w5h
+	https://github.com/tensorflow/tensorflow/commit/2e0ee46f1a47675152d3d865797a18358881d7a6

Notes

CVE-2021-37668 created at 13 Aug 2021 07:57:58

Severity

Low

Remote

Local

Type

+	Denial of service

Description

In TensorFlow before version 2.6.0 an attacker can cause denial of service in applications serving models using tf.raw_ops.UnravelIndex by triggering a division by 0. The implementation does not check that the tensor subsumed by dims is not empty. Hence, if one element of dims is 0, the implementation does a division by 0.

References

+	https://github.com/tensorflow/tensorflow/security/advisories/GHSA-2wmv-37vq-52g5
+	https://github.com/tensorflow/tensorflow/commit/a776040a5e7ebf76eeb7eb923bf1ae417dd4d233

Notes