CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2022-23575 – Integer overflow in Tensorflow
https://notcve.org/view.php?id=CVE-2022-23575
04 Feb 2022 — The implementation of `OpLevelCostEstimator::CalculateTensorSize` is vulnerable to an integer overflow if an attacker can create an operation which would involve a tensor with large enough number of elements. • https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/costs/op_level_cost_estimator.cc#L1552-L1558 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2022-23576 – Integer overflow in Tensorflow
https://notcve.org/view.php?id=CVE-2022-23576
04 Feb 2022 — The implementation of `OpLevelCostEstimator::CalculateOutputSize` is vulnerable to an integer overflow if an attacker can create an operation which would involve tensors with large enough number of elements. • https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/costs/op_level_cost_estimator.cc#L1598-L1617 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-23587 – Integer overflow in Tensorflow
https://notcve.org/view.php?id=CVE-2022-23587
04 Feb 2022 — Under certain scenarios, Grappler component of TensorFlow is vulnerable to an integer overflow during cost estimation for crop and resize. • https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/costs/op_level_cost_estimator.cc#L2621-L2689 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2022-21738 – Integer overflow leading to crash in Tensorflow
https://notcve.org/view.php?id=CVE-2022-21738
03 Feb 2022 — The implementation of `SparseCountSparseOutput` can be made to crash a TensorFlow process by an integer overflow whose result is then used in a memory allocation. • https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/count_ops.cc#L168-L273 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2022-21729 – Overflow and uncaught divide by zero in Tensorflow
https://notcve.org/view.php?id=CVE-2022-21729
03 Feb 2022 — The implementation of `UnravelIndex` is vulnerable to a division by zero caused by an integer overflow bug. • https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/unravel_index_op.cc#L36-L135 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2022-23567 – Integer overflows in Tensorflow
https://notcve.org/view.php?id=CVE-2022-23567
03 Feb 2022 — The implementations of `Sparse*Cwise*` ops are vulnerable to integer overflows. • https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/sparse_dense_binary_op_shared.cc • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2022-23568 – Integer overflows in Tensorflow
https://notcve.org/view.php?id=CVE-2022-23568
03 Feb 2022 — The implementation of `AddManySparseToTensorsMap` is vulnerable to an integer overflow which results in a `CHECK`-fail when building new `TensorShape` objects (so, an assert failure based denial of service). • https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/sparse_tensors_map_ops.cc • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2022-21733 – Memory exhaustion in Tensorflow
https://notcve.org/view.php?id=CVE-2022-21733
03 Feb 2022 — The implementation of `StringNGrams` can be used to trigger a denial of service attack by causing an out of memory condition after an integer overflow. • https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/string_ngrams_op.cc#L29-L161 • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-21727 – Integer overflow in Tensorflow
https://notcve.org/view.php?id=CVE-2022-21727
03 Feb 2022 — The implementation of shape inference for `Dequantize` is vulnerable to an integer overflow weakness. ... Unfortunately, the upper bound is not checked, and, since the code computes `axis + 1`, an attacker can trigger an integer overflow. • https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/ops/array_ops.cc#L3001-L3034 • CWE-190: Integer Overflow or Wraparound •
CVSS: 3.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-3716 – nbdkit: NBD_OPT_STRUCTURED_REPLY injection on STARTTLS
https://notcve.org/view.php?id=CVE-2021-3716
02 Feb 2022 — Issues addressed include buffer overflow, integer overflow, null pointer, out of bounds access, out of bounds read, and use-after-free vulnerabilities. • https://bugzilla.redhat.com/show_bug.cgi?id=1994695 • CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel •