tensorflow

Description: Library for computation using data flow graphs for scalable machine learning
Version: 2.5.0-6 [community]

Open

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2114 | 2.5.0-6 | | Medium | Vulnerable | |
Issue Group Severity Remote Type Description
CVE-2021-35958 AVG-2114 Medium Yes Arbitrary file overwrite
** DISPUTED ** TensorFlow through 2.5.0 allows attackers to overwrite arbitrary files via a crafted archive when tf.keras.utils.get_file is used with...

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1962 | 2.4.1-10 | 2.5.0-1 | Critical | Fixed | |
| AVG-1350 | 2.3.1-7 | 2.4.0rc4-1 | Medium | Fixed | |
| AVG-1348 | 2.4.0rc4-2 | 2.4.0-1 | Critical | Fixed | |
Issue Group Severity Remote Type Description
CVE-2021-29619 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. Passing invalid arguments (e.g., discovered via fuzzing) to...
CVE-2021-29618 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. Passing a complex argument to `tf.transpose` at the same time as passing...
CVE-2021-29617 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a denial of service via `CHECK`-fail in `tf.strings.substr` with...
CVE-2021-29616 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. The implementation of TrySimplify(https://github.com/tensorflow/tensor...
CVE-2021-29615 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. The implementation of `ParseAttrValue`(https://github.com/tensorflow/t...
CVE-2021-29614 AVG-1962 Critical No Arbitrary code execution
A security issue has been found in TensorFlow before version 2.4.2. The implementation of `tf.io.decode_raw` produces incorrect results and crashes the...
CVE-2021-29613 AVG-1962 High No Information disclosure
A security issue has been found in TensorFlow before version 2.4.2. Incomplete validation in `tf.raw_ops.CTCLoss` allows an attacker to trigger an OOB read...
CVE-2021-29612 AVG-1962 Low No Arbitrary code execution
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger a heap buffer overflow in Eigen implementation of...
CVE-2021-29611 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. Incomplete validation in `SparseReshape` results in a denial of service based on a...
CVE-2021-29610 AVG-1962 Low No Arbitrary code execution
A security issue has been found in TensorFlow before version 2.4.2. The validation in `tf.raw_ops.QuantizeAndDequantizeV2` allows invalid values for `axis`...
CVE-2021-29609 AVG-1962 Critical No Arbitrary code execution
A security issue has been found in TensorFlow before version 2.4.2. Incomplete validation in `SparseAdd` results in allowing attackers to exploit undefined...
CVE-2021-29608 AVG-1962 Medium No Arbitrary code execution
A security issue has been found in TensorFlow before version 2.4.2. Due to lack of validation in `tf.raw_ops.RaggedTensorToTensor`, an attacker can exploit...
CVE-2021-29607 AVG-1962 Medium No Arbitrary code execution
A security issue has been found in TensorFlow before version 2.4.2. Incomplete validation in `SparseAdd` results in allowing attackers to exploit undefined...
CVE-2021-29606 AVG-1962 High No Information disclosure
A security issue has been found in TensorFlow before version 2.4.2. A specially crafted TFLite model could trigger an OOB read on heap in the TFLite...
CVE-2021-29605 AVG-1962 Critical No Arbitrary code execution
A security issue has been found in TensorFlow before version 2.4.2. The TFLite code for allocating `TFLiteIntArray`s is vulnerable to an integer overflow...
CVE-2021-29604 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. The TFLite implementation of hashtable lookup is vulnerable to a division by zero...
CVE-2021-29603 AVG-1962 Medium No Arbitrary code execution
A security issue has been found in TensorFlow before version 2.4.2. A specially crafted TFLite model could trigger an OOB write on heap in the TFLite...
CVE-2021-29602 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. The implementation of the `DepthwiseConv` TFLite operator is vulnerable to a division by...
CVE-2021-29601 AVG-1962 High No Insufficient validation
A security issue has been found in TensorFlow before version 2.4.2. The TFLite implementation of concatenation is vulnerable to an integer overflow...
CVE-2021-29600 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. The implementation of the `OneHot` TFLite operator is vulnerable to a division by zero...
CVE-2021-29599 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. The implementation of the `Split` TFLite operator is vulnerable to a division by zero...
CVE-2021-29598 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. The implementation of the `SVDF` TFLite operator is vulnerable to a division by zero...
CVE-2021-29597 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. The implementation of the `SpaceToBatchNd` TFLite operator is vulnerable to a division...
CVE-2021-29596 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. The implementation of the `EmbeddingLookup` TFLite operator is vulnerable to a division...
CVE-2021-29595 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. The implementation of the `DepthToSpace` TFLite operator is vulnerable to a division by...
CVE-2021-29594 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. TFLite's convolution code(https://github.com/tensorflow/tensorflow/blo...
CVE-2021-29593 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. The implementation of the `BatchToSpaceNd` TFLite operator is vulnerable to a division...
CVE-2021-29592 AVG-1962 Medium No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. The fix for CVE-2020-15209(https://cve.mitre.org/cgi-...
CVE-2021-29591 AVG-1962 High No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. TFLite graphs must not have loops between nodes. However, this condition was not checked...
CVE-2021-29590 AVG-1962 Low No Information disclosure
A security issue has been found in TensorFlow before version 2.4.2. The implementations of the `Minimum` and `Maximum` TFLite operators can be used to read...
CVE-2021-29589 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. The reference implementation of the `GatherNd` TFLite operator is vulnerable to a...
CVE-2021-29588 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. The optimized implementation of the `TransposeConv` TFLite operator is vulnerable to a...
CVE-2021-29587 AVG-1962 Low No Insufficient validation
A security issue has been found in TensorFlow before version 2.4.2. The `Prepare` step of the `SpaceToDepth` TFLite operator does not check for 0 before...
CVE-2021-29586 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. Optimized pooling implementations in TFLite fail to check that the stride arguments are...
CVE-2021-29585 AVG-1962 Low No Insufficient validation
A security issue has been found in TensorFlow before version 2.4.2. The TFLite computation for size of output after padding, `ComputeOutSi...
CVE-2021-29584 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger a denial of service via a `CHECK`-fail caused by an integer...
CVE-2021-29583 AVG-1962 Low No Arbitrary code execution
A security issue has been found in TensorFlow before version 2.4.2. The implementation of `tf.raw_ops.FusedBatchNorm` is vulnerable to a heap buffer...
CVE-2021-29582 AVG-1962 Low No Information disclosure
A security issue has been found in TensorFlow before version 2.4.2. Due to lack of validation in `tf.raw_ops.Dequantize`, an attacker can trigger a read...
CVE-2021-29581 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. Due to lack of validation in `tf.raw_ops.CTCBeamSearchDecoder`, an attacker can trigger...
CVE-2021-29580 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. The implementation of `tf.raw_ops.FractionalMaxPoolGrad` triggers an undefined behavior...
CVE-2021-29579 AVG-1962 Low No Arbitrary code execution
A security issue has been found in TensorFlow before version 2.4.2. The implementation of `tf.raw_ops.MaxPoolGrad` is vulnerable to a heap buffer overflow....
CVE-2021-29578 AVG-1962 Low No Arbitrary code execution
A security issue has been found in TensorFlow before version 2.4.2. The implementation of `tf.raw_ops.FractionalAvgPoolGrad` is vulnerable to a heap buffer...
CVE-2021-29577 AVG-1962 Low No Arbitrary code execution
A security issue has been found in TensorFlow before version 2.4.2. The implementation of `tf.raw_ops.AvgPool3DGrad` is vulnerable to a heap buffer...
CVE-2021-29576 AVG-1962 Low No Arbitrary code execution
A security issue has been found in TensorFlow before version 2.4.2. The implementation of `tf.raw_ops.MaxPool3DGradGrad` is vulnerable to a heap buffer...
CVE-2021-29575 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. The implementation of `tf.raw_ops.ReverseSequence` allows for stack overflow and/or...
CVE-2021-29574 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. The implementation of `tf.raw_ops.MaxPool3DGradGrad` exhibits undefined behavior by...
CVE-2021-29573 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. The implementation of `tf.raw_ops.MaxPoolGradWithArgmax` is vulnerable to a division by...
CVE-2021-29572 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. The implementation of `tf.raw_ops.SdcaOptimizer` triggers undefined behavior due to...
CVE-2021-29571 AVG-1962 Medium No Information disclosure
A security issue has been found in TensorFlow before version 2.4.2. The implementation of `tf.raw_ops.MaxPoolGradWithArgmax` can cause reads outside of...
CVE-2021-29570 AVG-1962 Low No Information disclosure
A security issue has been found in TensorFlow before version 2.4.2. The implementation of `tf.raw_ops.MaxPoolGradWithArgmax` can cause reads outside of...
CVE-2021-29569 AVG-1962 Low No Information disclosure
A security issue has been found in TensorFlow before version 2.4.2. The implementation of `tf.raw_ops.MaxPoolGradWithArgmax` can cause reads outside of...
CVE-2021-29568 AVG-1962 Low No Insufficient validation
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger undefined behavior by binding to null pointer in...
CVE-2021-29567 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. Due to lack of validation in `tf.raw_ops.SparseDenseCwiseMul`, an attacker can trigger...
CVE-2021-29566 AVG-1962 Low No Arbitrary code execution
A security issue has been found in TensorFlow before version 2.4.2. An attacker can write outside the bounds of heap allocated arrays by passing invalid...
CVE-2021-29565 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger a null pointer dereference in the implementation of...
CVE-2021-29564 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger a null pointer dereference in the implementation of...
CVE-2021-29563 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a denial of service by exploiting a `CHECK`-failure coming from...
CVE-2021-29562 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a denial of service by exploiting a `CHECK`-failure coming from...
CVE-2021-29561 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a denial of service by exploiting a `CHECK`-failure coming from...
CVE-2021-29560 AVG-1962 Low No Arbitrary code execution
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a heap buffer overflow in `tf.raw_ops.RaggedTensorToTensor`. This...
CVE-2021-29559 AVG-1962 Low No Information disclosure
A security issue has been found in TensorFlow before version 2.4.2. An attacker can access data outside of bounds of heap allocated array in...
CVE-2021-29558 AVG-1962 Low No Arbitrary code execution
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a heap buffer overflow in `tf.raw_ops.SparseSplit`. This is...
CVE-2021-29557 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a denial of service via a FPE runtime error in...
CVE-2021-29556 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a denial of service via a FPE runtime error in...
CVE-2021-29555 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a denial of service via a FPE runtime error in...
CVE-2021-29554 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a denial of service via a FPE runtime error in...
CVE-2021-29553 AVG-1962 Low No Information disclosure
A security issue has been found in TensorFlow before version 2.4.2. An attacker can read data outside of bounds of heap allocated buffer in...
CVE-2021-29552 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a denial of service by controlling the values of `num_segments`...
CVE-2021-29551 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. The implementation of `MatrixTriangularSolve`(https://github.com/tenso...
CVE-2021-29550 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a runtime division by zero error and denial of service in...
CVE-2021-29549 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a runtime division by zero error and denial of service in...
CVE-2021-29548 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a runtime division by zero error and denial of service in...
CVE-2021-29547 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a segfault and denial of service via accessing data outside of...
CVE-2021-29546 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger an integer division by zero undefined behavior in...
CVE-2021-29545 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger a denial of service via a `CHECK`-fail in converting sparse...
CVE-2021-29544 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger a denial of service via a `CHECK`-fail in...
CVE-2021-29543 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger a denial of service via a `CHECK`-fail in...
CVE-2021-29542 AVG-1962 Low No Arbitrary code execution
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a heap buffer overflow by passing crafted inputs to...
CVE-2021-29541 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger a dereference of a null pointer in `tf.raw_ops.StringNGrams`....
CVE-2021-29540 AVG-1962 Low No Insufficient validation
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a heap buffer overflow to occur in `Conv2DBackpropFilter`. This is...
CVE-2021-29539 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. Calling `tf.raw_ops.ImmutableConst`(https://www.tensorflow.org/api_doc...
CVE-2021-29538 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a division by zero to occur in `Conv2DBackpropFilter`. This is...
CVE-2021-29537 AVG-1962 Low No Arbitrary code execution
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a heap buffer overflow in `QuantizedResizeBilinear` by passing in...
CVE-2021-29536 AVG-1962 Low No Arbitrary code execution
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a heap buffer overflow in `QuantizedReshape` by passing in invalid...
CVE-2021-29535 AVG-1962 Low No Arbitrary code execution
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a heap buffer overflow in `QuantizedMul` by passing in invalid...
CVE-2021-29534 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger a denial of service via a `CHECK`-fail in...
CVE-2021-29533 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger a denial of service via a `CHECK` failure by passing an empty...
CVE-2021-29532 AVG-1962 Low No Information disclosure
A security issue has been found in TensorFlow before version 2.4.2. An attacker can force accesses outside the bounds of heap allocated arrays by passing in...
CVE-2021-29531 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger a `CHECK` fail in PNG encoding by providing an empty input...
CVE-2021-29530 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger a null pointer dereference by providing an invalid `permutation`...
CVE-2021-29529 AVG-1962 Low No Arbitrary code execution
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger a heap buffer overflow in `tf.raw_ops.QuantizedResizeBilinear`...
CVE-2021-29528 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger a division by 0 in `tf.raw_ops.QuantizedMul`. This is because...
CVE-2021-29527 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger a division by 0 in `tf.raw_ops.QuantizedConv2D`. This is because...
CVE-2021-29526 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger a division by 0 in `tf.raw_ops.Conv2D`. This is because the...
CVE-2021-29525 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger a division by 0 in `tf.raw_ops.Conv2DBackpropInput`. This is...
CVE-2021-29524 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger a division by 0 in `tf.raw_ops.Conv2DBackpropFilter`. This is...
CVE-2021-29523 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger a denial of service via a `CHECK`-fail in...
CVE-2021-29522 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. The `tf.raw_ops.Conv3DBackprop*` operations fail to validate that the input tensors are...
CVE-2021-29521 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. Specifying a negative dense shape in `tf.raw_ops.SparseCountSparseOutput` results in a...
CVE-2021-29520 AVG-1962 Low No Arbitrary code execution
A security issue has been found in TensorFlow before version 2.4.2. Missing validation between arguments to `tf.raw_ops.Conv3DBackprop*` operations can...
CVE-2021-29519 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. The API of `tf.raw_ops.SparseCross` allows combinations which would result in a...
CVE-2021-29518 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. In eager mode (default in TF 2.0 and later), session operations are invalid. However,...
CVE-2021-29517 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. A malicious user could trigger a division by 0 in `Conv3D` implementation. The...
CVE-2021-29516 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. Calling `tf.raw_ops.RaggedTensorToVariant` with arguments specifying an invalid ragged...
CVE-2021-29515 AVG-1962 Low No Insufficient validation
A security issue has been found in TensorFlow before version 2.4.2. The implementation of `MatrixDiag*` operations(https://github.com/tens...
CVE-2021-29514 AVG-1962 Low No Information disclosure
A security issue has been found in TensorFlow before version 2.4.2. If the `splits` argument of `RaggedBincount` does not specify a valid `Sp...
CVE-2021-29513 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. Calling TF operations with tensors of non-numeric types when the operations expect...
CVE-2021-29512 AVG-1962 Low No Information disclosure
A security issue has been found in TensorFlow before version 2.4.2. If the "splits" argument of RaggedBincount does not specify a valid SparseTensor, then...
CVE-2020-26271 AVG-1348 High No Information disclosure
In affected versions of TensorFlow under certain cases, loading a saved model can result in accessing uninitialized memory while building the computation...
CVE-2020-26270 AVG-1348 Low No Denial of service
In affected versions of TensorFlow running an LSTM/GRU model where the LSTM/GRU layer receives an input with zero-length results in a CHECK failure when...
CVE-2020-26269 AVG-1348 Critical No Information disclosure
In TensorFlow release candidate versions 2.4.0rc*, the general implementation for matching filesystem paths to globbing pattern is vulnerable to an access...
CVE-2020-26268 AVG-1348 Low No Denial of service
In affected versions of TensorFlow the tf.raw_ops.ImmutableConst operation returns a constant tensor created from a memory mapped file which is assumed...
CVE-2020-26267 AVG-1348 Low No Information disclosure
In affected versions of TensorFlow the tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format attributes. The code assumes that...
CVE-2020-26266 AVG-1348 Low No Information disclosure
In affected versions of TensorFlow under certain cases a saved model can trigger use of uninitialized values during code execution. This is caused by having...
CVE-2020-15266 AVG-1350 Low No Denial of service
In TensorFlow before version 2.4.0, when the boxes argument of tf.image.crop_and_resize has a very large value, the CPU kernel implementation receives it as...
CVE-2020-15265 AVG-1350 Medium No Denial of service
In TensorFlow before version 2.4.0, an attacker can pass an invalid axis value to tf.quantization.quantize_and_dequantize. This results in accessing a...

Advisories

| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 16 Dec 2020 | ASA-202012-22 | AVG-1348 | Critical | multiple issues |