CVE-2022-35966 – Segfault in `QuantizedAvgPool` in TensorFlow
https://notcve.org/view.php?id=CVE-2022-35966
TensorFlow is an open source platform for machine learning. If `QuantizedAvgPool` is given `min_input` or `max_input` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 7cdf9d4d2083b739ec81cfdace546b0c99f50622. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
• https://github.com/tensorflow/tensorflow/commit/7cdf9d4d2083b739ec81cfdace546b0c99f50622
• https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4w68-4x85-mjj9
• CWE-20: Improper Input Validation
CVE-2022-35967 – Segfault in `QuantizedAdd` in TensorFlow
https://notcve.org/view.php?id=CVE-2022-35967
TensorFlow is an open source platform for machine learning. If `QuantizedAdd` is given `min_input` or `max_input` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 49b3824d83af706df0ad07e4e677d88659756d89. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
• https://github.com/tensorflow/tensorflow/commit/49b3824d83af706df0ad07e4e677d88659756d89
• https://github.com/tensorflow/tensorflow/security/advisories/GHSA-v6h3-348g-6h5x
• CWE-20: Improper Input Validation
CVE-2022-35964 – Segfault in `BlockLSTMGradV2` in TensorFlow
https://notcve.org/view.php?id=CVE-2022-35964
TensorFlow is an open source platform for machine learning. The implementation of `BlockLSTMGradV2` does not fully validate its inputs. This results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 2a458fc4866505be27c62f81474ecb2b870498fa. The fix will be included in TensorFlow 2.10.0.
• https://github.com/tensorflow/tensorflow/commit/2a458fc4866505be27c62f81474ecb2b870498fa
• https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f7r5-q7cx-h668
• CWE-20: Improper Input Validation
CVE-2022-35965 – Segfault in `LowerBound` and `UpperBound` in TensorFlow
https://notcve.org/view.php?id=CVE-2022-35965
TensorFlow is an open source platform for machine learning. If `LowerBound` or `UpperBound` is given an empty `sorted_inputs` input, it results in a `nullptr` dereference, leading to a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit bce3717eaef4f769019fd18e990464ca4a2efeea. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
• https://github.com/tensorflow/tensorflow/commit/bce3717eaef4f769019fd18e990464ca4a2efeea
• https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qxpx-j395-pw36
• CWE-476: NULL Pointer Dereference
CVE-2022-35963 – `CHECK` failures in `FractionalAvgPoolGrad` in TensorFlow
https://notcve.org/view.php?id=CVE-2022-35963
TensorFlow is an open source platform for machine learning. The implementation of `FractionalAvgPoolGrad` does not fully validate the input `orig_input_tensor_shape`. This results in an overflow that results in a `CHECK` failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 03a659d7be9a1154fdf5eeac221e5950fec07dad. The fix will be included in TensorFlow 2.10.0.
• https://github.com/tensorflow/tensorflow/commit/03a659d7be9a1154fdf5eeac221e5950fec07dad
• https://github.com/tensorflow/tensorflow/security/advisories/GHSA-84jm-4cf3-9jfm
• CWE-617: Reachable Assertion