CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-37644 – `std::abort` raised from `TensorListReserve` in TensorFlow
https://notcve.org/view.php?id=CVE-2021-37644
12 Aug 2021 — TensorFlow is an end-to-end open source platform for machine learning. In affected versions providing a negative element to `num_elements` list argument of `tf.raw_ops.TensorListReserve` causes the runtime to abort the process due to reallocating a `std::vector` to have a negative number of elements. The [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/list_kernels.cc#L312) calls `std::vector.resize()` with the new size controlle... • https://github.com/tensorflow/tensorflow/commit/8a6e874437670045e6c7dc6154c7412b4a2135e2 • CWE-617: Reachable Assertion •
CVSS: 7.3EPSS: 0%CPEs: 6EXPL: 0CVE-2021-37654 – Heap OOB and CHECK fail in `ResourceGather` in TensorFlow
https://notcve.org/view.php?id=CVE-2021-37654
12 Aug 2021 — TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a `CHECK`-fail in debug builds of TensorFlow using `tf.raw_ops.ResourceGather` or a read from outside the bounds of heap allocated data in the same API in a release build. The [implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/resource_variable_ops.cc#L660-L668) does not check that the `batch_dims` value t... • https://github.com/tensorflow/tensorflow/commit/bc9c546ce7015c57c2f15c168b3d9201de679a1d • CWE-125: Out-of-bounds Read •
CVSS: 7.3EPSS: 0%CPEs: 6EXPL: 0CVE-2021-37641 – Heap OOB in `RaggedGather` in TensorFlow
https://notcve.org/view.php?id=CVE-2021-37641
12 Aug 2021 — TensorFlow is an end-to-end open source platform for machine learning. In affected versions if the arguments to `tf.raw_ops.RaggedGather` don't determine a valid ragged tensor code can trigger a read from outside of bounds of heap allocated buffers. The [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/ragged_gather_op.cc#L70) directly reads the first dimension of a tensor shape before checking that said tensor has rank of at leas... • https://github.com/tensorflow/tensorflow/commit/a2b743f6017d7b97af1fe49087ae15f0ac634373 • CWE-125: Out-of-bounds Read •
CVSS: 7.3EPSS: 0%CPEs: 6EXPL: 0CVE-2021-37635 – Heap out of bounds access in sparse reduction operations in TensorFlow
https://notcve.org/view.php?id=CVE-2021-37635
12 Aug 2021 — TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of sparse reduction operations in TensorFlow can trigger accesses outside of bounds of heap allocated data. The [implementation](https://github.com/tensorflow/tensorflow/blob/a1bc56203f21a5a4995311825ffaba7a670d7747/tensorflow/core/kernels/sparse_reduce_op.cc#L217-L228) fails to validate that each reduction group does not overflow and that each corresponding index does not point to outside the boun... • https://github.com/tensorflow/tensorflow/commit/87158f43f05f2720a374f3e6d22a7aaa3a33f750 • CWE-125: Out-of-bounds Read •
CVSS: 7.3EPSS: 0%CPEs: 6EXPL: 0CVE-2021-37664 – Heap OOB in boosted trees in TensorFlow
https://notcve.org/view.php?id=CVE-2021-37664
12 Aug 2021 — TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to `BoostedTreesSparseCalculateBestFeatureSplit`. The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/boosted_trees/stats_ops.cc) needs to validate that each value in `stats_summary_indices` is in range. We have patched the is... • https://github.com/tensorflow/tensorflow/commit/e84c975313e8e8e38bb2ea118196369c45c51378 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-37659 – Out of bounds read via null pointer dereference in TensorFlow
https://notcve.org/view.php?id=CVE-2021-37659
12 Aug 2021 — TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all binary cwise operations that don't require broadcasting (e.g., gradients of binary cwise operations). The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/cwise_ops_common.h#L264) assumes that the two inputs have exactly the same number of elements but ... • https://github.com/tensorflow/tensorflow/commit/93f428fd1768df147171ed674fee1fc5ab8309ec • CWE-125: Out-of-bounds Read CWE-476: NULL Pointer Dereference •
CVSS: 7.3EPSS: 0%CPEs: 6EXPL: 0CVE-2021-37655 – Heap OOB in `ResourceScatterUpdate` in TensorFlow
https://notcve.org/view.php?id=CVE-2021-37655
12 Aug 2021 — TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a read from outside of bounds of heap allocated data by sending invalid arguments to `tf.raw_ops.ResourceScatterUpdate`. The [implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/resource_variable_ops.cc#L919-L923) has an incomplete validation of the relationship between the shapes of `indices` and `updates`: instead of ... • https://github.com/tensorflow/tensorflow/commit/01cff3f986259d661103412a20745928c727326f • CWE-125: Out-of-bounds Read •
CVSS: 7.7EPSS: 0%CPEs: 6EXPL: 0CVE-2021-37637 – Null pointer dereference in `CompressElement` in TensorFlow
https://notcve.org/view.php?id=CVE-2021-37637
12 Aug 2021 — TensorFlow is an end-to-end open source platform for machine learning. It is possible to trigger a null pointer dereference in TensorFlow by passing an invalid input to `tf.raw_ops.CompressElement`. The [implementation](https://github.com/tensorflow/tensorflow/blob/47a06f40411a69c99f381495f490536972152ac0/tensorflow/core/data/compression_utils.cc#L34) was accessing the size of a buffer obtained from the return of a separate function call before validating that said buffer is valid. We have patched the issue... • https://github.com/tensorflow/tensorflow/commit/5dc7f6981fdaf74c8c5be41f393df705841fb7c5 • CWE-476: NULL Pointer Dereference •
CVSS: 7.7EPSS: 0%CPEs: 6EXPL: 0CVE-2021-37649 – Null pointer dereference in `UncompressElement` in TensorFlow
https://notcve.org/view.php?id=CVE-2021-37649
12 Aug 2021 — TensorFlow is an end-to-end open source platform for machine learning. The code for `tf.raw_ops.UncompressElement` can be made to trigger a null pointer dereference. The [implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/data/experimental/compression_ops.cc#L50-L53) obtains a pointer to a `CompressedElement` from a `Variant` tensor and then proceeds to dereference it for decompressing. There is no check that the `Variant` tensor co... • https://github.com/tensorflow/tensorflow/commit/7bdf50bb4f5c54a4997c379092888546c97c3ebd • CWE-476: NULL Pointer Dereference •
CVSS: 7.7EPSS: 0%CPEs: 6EXPL: 0CVE-2021-37647 – Null pointer dereference in `SparseTensorSliceDataset` in TensorFlow
https://notcve.org/view.php?id=CVE-2021-37647
12 Aug 2021 — TensorFlow is an end-to-end open source platform for machine learning. When a user does not supply arguments that determine a valid sparse tensor, `tf.raw_ops.SparseTensorSliceDataset` implementation can be made to dereference a null pointer. The [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/data/sparse_tensor_slice_dataset_op.cc#L240-L251) has some argument validation but fails to consider the case when either `indices` or `v... • https://github.com/tensorflow/tensorflow/commit/02cc160e29d20631de3859c6653184e3f876b9d7 • CWE-476: NULL Pointer Dereference •