NotCVE - vendor:"Google" product:"Tensorflow" version:" >= 2.1.0

Page 18 of 302 results (0.006 seconds)

CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 2

CVE-2022-29211 – Segfault in TensorFlow if `tf.histogram_fixed_width` is called with NaN values

https://notcve.org/view.php?id=CVE-2022-29211

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.histogram_fixed_width` is vulnerable to a crash when the values array contain `Not a Number` (`NaN`) elements. The implementation assumes that all floating point operations are defined and then converts a floating point result to an integer index. If `values` contains `NaN` then the result of the division is still `NaN` and the cast to `int32` would result in a crash. This only occurs on the CPU implementation. • https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/histogram_op.cc https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/histogram_op.cc#L35-L74 https://github.com/tensorflow/tensorflow/commit/e57fd691c7b0fd00ea3bfe43444f30c1969748b5 https://github.com/tensorflow/tensorflow/issues/45770 https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4 https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2 https://github • CWE-20: Improper Input Validation •

CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 2

CVE-2022-29212 – Core dump when loading TFLite models with quantization in TensorFlow

https://notcve.org/view.php?id=CVE-2022-29212

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, certain TFLite models that were created using TFLite model converter would crash when loaded in the TFLite interpreter. The culprit is that during quantization the scale of values could be greater than 1 but code was always assuming sub-unit scaling. Thus, since code was calling `QuantizeMultiplierSmallerThanOneExp`, the `TFLITE_CHECK_LT` assertion would trigger and abort the process. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. • https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/lite/kernels/internal/quantization_util.cc#L114-L123 https://github.com/tensorflow/tensorflow/commit/a989426ee1346693cc015792f11d715f6944f2b8 https://github.com/tensorflow/tensorflow/issues/43661 https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4 https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2 https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1 https://github.com/tensorflow/tensorflow/releases/tag • CWE-20: Improper Input Validation •

CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 1

CVE-2022-29201 – Missing validation in `QuantizedConv2D` results in undefined behavior in TensorFlow

https://notcve.org/view.php?id=CVE-2022-29201

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.QuantizedConv2D` does not fully validate the input arguments. In this case, references get bound to `nullptr` for each argument that is empty. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. TensorFlow es una plataforma de código abierto para el aprendizaje automático. • https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/quantized_conv_ops.cc https://github.com/tensorflow/tensorflow/commit/0f0b080ecde4d3dfec158d6f60da34d5e31693c4 https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4 https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2 https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1 https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0 https://github.com/tensorflow/tensorflow/security/advisories • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •

CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 1

CVE-2022-29202 – Denial of service in TensorFlow due to lack of validation in `tf.ragged.constant`

https://notcve.org/view.php?id=CVE-2022-29202

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.ragged.constant` does not fully validate the input arguments. This results in a denial of service by consuming all available memory. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. TensorFlow es una plataforma de código abierto para el aprendizaje automático. • https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/ops/ragged/ragged_factory_ops.py#L146-L239 https://github.com/tensorflow/tensorflow/commit/bd4d5583ff9c8df26d47a23e508208844297310e https://github.com/tensorflow/tensorflow/issues/55199 https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4 https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2 https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1 https://github.com/tensorflow/tensorflow/releases/ta • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption CWE-1284: Improper Validation of Specified Quantity in Input •

CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 1

CVE-2022-29203 – Integer overflow in `SpaceToBatchND` in TensorFlow

https://notcve.org/view.php?id=CVE-2022-29203

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SpaceToBatchND` (in all backends such as XLA and handwritten kernels) is vulnerable to an integer overflow: The result of this integer overflow is used to allocate the output tensor, hence we get a denial of service via a `CHECK`-failure (assertion failure), as in TFSA-2021-198. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. TensorFlow es una plataforma de código abierto para el aprendizaje automático. En versiones anteriores a 2.9.0, 2.8.1, 2.7.2 y 2.6.4, la implementación de "tf.raw_ops.SpaceToBatchND" (en todos los backends como XLA y kernels manuscritos) es vulnerable a un desbordamiento de enteros: El resultado de este desbordamiento de enteros es usado para asignar el tensor de salida, por lo que es obtenido una denegación de servicio por medio de un fallo de "CHECK" (fallo de aserción), como en TFSA-2021-198. • https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-198.md https://github.com/tensorflow/tensorflow/commit/acd56b8bcb72b163c834ae4f18469047b001fadf https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4 https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2 https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1 https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jjm6-4vf7-c • CWE-190: Integer Overflow or Wraparound •

1...16 17 18 19 20