
CVE-2022-23594 – Out of bounds read in Tensorflow
https://notcve.org/view.php?id=CVE-2022-23594
04 Feb 2022 — Tensorflow is an Open Source Machine Learning Framework. The TFG dialect of TensorFlow (MLIR) makes several assumptions about the incoming `GraphDef` before converting it to the MLIR-based dialect. If an attacker changes the `SavedModel` format on disk to invalidate these assumptions and the `GraphDef` is then converted to MLIR-based IR then they can cause a crash in the Python interpreter. Under certain scenarios, heap OOB read/writes are possible. These issues have been discovered via fuzzing and it is po... • https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9x52-887g-fhc2 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •

CVE-2022-23590 – Crash due to erroneous `StatusOr` in Tensorflow
https://notcve.org/view.php?id=CVE-2022-23590
04 Feb 2022 — Tensorflow is an Open Source Machine Learning Framework. A `GraphDef` from a TensorFlow `SavedModel` can be maliciously altered to cause a TensorFlow process to crash due to encountering a `StatusOr` value that is an error and forcibly extracting the value from it. We have patched the issue in multiple GitHub commits and these will be included in TensorFlow 2.8.0 and TensorFlow 2.7.1, as both are affected. • https://github.com/tensorflow/tensorflow/blob/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/core/graph/graph.cc#L560-L567 • CWE-754: Improper Check for Unusual or Exceptional Conditions •

CVE-2022-23591 – Stack overflow in Tensorflow
https://notcve.org/view.php?id=CVE-2022-23591
04 Feb 2022 — Tensorflow is an Open Source Machine Learning Framework. The `GraphDef` format in TensorFlow does not allow self recursive functions. The runtime assumes that this invariant is satisfied. However, a `GraphDef` containing a fragment such as the following can be consumed when loading a `SavedModel`. This would result in a stack overflow during execution as resolving each `NodeDef` means resolving the function itself and its nodes. • https://github.com/tensorflow/tensorflow/commit/448a16182065bd08a202d9057dd8ca541e67996c • CWE-400: Uncontrolled Resource Consumption CWE-674: Uncontrolled Recursion •

CVE-2022-23593 – Segfault in `simplifyBroadcast` in Tensorflow
https://notcve.org/view.php?id=CVE-2022-23593
04 Feb 2022 — Tensorflow is an Open Source Machine Learning Framework. The `simplifyBroadcast` function in the MLIR-TFRT infrastructure in TensorFlow is vulnerable to a segfault (hence, denial of service), if called with scalar shapes. If all shapes are scalar, then `maxRank` is 0, so we build an empty `SmallVector`. The fix will be included in TensorFlow 2.8.0. This is the only affected version. • https://github.com/tensorflow/tensorflow/blob/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/compiler/mlir/tfrt/jit/transforms/tf_cpurt_symbolic_shape_optimization.cc#L149-L205 • CWE-754: Improper Check for Unusual or Exceptional Conditions •

CVE-2022-21740 – Heap overflow in Tensorflow
https://notcve.org/view.php?id=CVE-2022-21740
03 Feb 2022 — Tensorflow is an Open Source Machine Learning Framework. The implementation of `SparseCountSparseOutput` is vulnerable to a heap overflow. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/count_ops.cc#L168-L273 • CWE-787: Out-of-bounds Write •

CVE-2022-21741 – Division by zero in TFLite
https://notcve.org/view.php?id=CVE-2022-21741
03 Feb 2022 — Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would trigger a division by zero in the implementation of depthwise convolutions. The parameters of the convolution can be user controlled and are also used within a division operation to determine the size of the padding that needs to be added before applying the convolution. There is no check before this division that the divisor is strictly positive. The fix will be included in TensorFlow 2.8.0. ... • https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/lite/kernels/depthwise_conv.cc#L96 • CWE-369: Divide By Zero •

CVE-2022-21737 – Assertion failure based denial of service in Tensorflow
https://notcve.org/view.php?id=CVE-2022-21737
03 Feb 2022 — Tensorflow is an Open Source Machine Learning Framework. The implementation of `*Bincount` operations allows malicious users to cause denial of service by passing in arguments which would trigger a `CHECK`-fail. There are several conditions that the input arguments must satisfy. Some are not caught during shape inference and others are not caught during kernel implementation. This results in `CHECK` failures later when the output tensors get allocated. • https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/bincount_op.cc • CWE-754: Improper Check for Unusual or Exceptional Conditions •

CVE-2022-21738 – Integer overflow leading to crash in Tensorflow
https://notcve.org/view.php?id=CVE-2022-21738
03 Feb 2022 — Tensorflow is an Open Source Machine Learning Framework. The implementation of `SparseCountSparseOutput` can be made to crash a TensorFlow process by an integer overflow whose result is then used in a memory allocation. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/count_ops.cc#L168-L273 • CWE-190: Integer Overflow or Wraparound •

CVE-2022-21739 – Null pointer dereference in TensorFlow
https://notcve.org/view.php?id=CVE-2022-21739
03 Feb 2022 — Tensorflow is an Open Source Machine Learning Framework. The implementation of `QuantizedMaxPool` has undefined behavior where user-controlled inputs can trigger a reference binding to a null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/quantized_pooling_ops.cc#L114-L130 • CWE-476: NULL Pointer Dereference •

CVE-2022-21734 – `CHECK`-failures in Tensorflow
https://notcve.org/view.php?id=CVE-2022-21734
03 Feb 2022 — Tensorflow is an Open Source Machine Learning Framework. The implementation of `MapStage` is vulnerable to a `CHECK`-fail if the key tensor is not a scalar. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/map_stage_op.cc#L519-L550 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •