CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-36018 – `CHECK` fail in `RaggedTensorToVariant` in TensorFlow
https://notcve.org/view.php?id=CVE-2022-36018
TensorFlow is an open source platform for machine learning. If `RaggedTensorToVariant` is given a `rt_nested_splits` list that contains tensors of ranks other than one, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 88f93dfe691563baa4ae1e80ccde2d5c7a143821. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/commit/88f93dfe691563baa4ae1e80ccde2d5c7a143821 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m6cv-4fmf-66xf • CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-36019 – `CHECK` fail in `FakeQuantWithMinMaxVarsPerChannel` in TensorFlow
https://notcve.org/view.php?id=CVE-2022-36019
TensorFlow is an open source platform for machine learning. If `FakeQuantWithMinMaxVarsPerChannel` is given `min` or `max` tensors of a rank other than one, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/commit/785d67a78a1d533759fcd2f5e8d6ef778de849e0 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9j4v-pp28-mxv7 • CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-35990 – `CHECK` fail in `FakeQuantWithMinMaxVarsPerChannelGradient` in TensorFlow
https://notcve.org/view.php?id=CVE-2022-35990
TensorFlow is an open source platform for machine learning. When `tf.quantization.fake_quant_with_min_max_vars_per_channel_gradient` receives input `min` or `max` of rank other than 1, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit f3cf67ac5705f4f04721d15e485e192bb319feed. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.There are no known workarounds for this issue. • https://github.com/tensorflow/tensorflow/commit/f3cf67ac5705f4f04721d15e485e192bb319feed https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h7ff-cfc9-wmmh • CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-35986 – Segfault in `RaggedBincount` in TensorFlow
https://notcve.org/view.php?id=CVE-2022-35986
TensorFlow is an open source platform for machine learning. If `RaggedBincount` is given an empty input tensor `splits`, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 7a4591fd4f065f4fa903593bc39b2f79530a74b8. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/commit/7a4591fd4f065f4fa903593bc39b2f79530a74b8 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wr9v-g9vf-c74v • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-35987 – `CHECK` fail in `DenseBincount` in TensorFlow
https://notcve.org/view.php?id=CVE-2022-35987
TensorFlow is an open source platform for machine learning. `DenseBincount` assumes its input tensor `weights` to either have the same shape as its input tensor `input` or to be length-0. A different `weights` shape will trigger a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit bf4c14353c2328636a18bfad1e151052c81d5f43. The fix will be included in TensorFlow 2.10.0. • https://github.com/tensorflow/tensorflow/commit/bf4c14353c2328636a18bfad1e151052c81d5f43 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-w62h-8xjm-fv49 • CWE-617: Reachable Assertion •