CVSS: 7.7EPSS: 0%CPEs: 6EXPL: 0CVE-2021-37643 – Null pointer dereference in `MatrixDiagPartOp` in TensorFlow
https://notcve.org/view.php?id=CVE-2021-37643
12 Aug 2021 — TensorFlow is an end-to-end open source platform for machine learning. If a user does not provide a valid padding value to `tf.raw_ops.MatrixDiagPartOp`, then the code triggers a null pointer dereference (if input is empty) or produces invalid behavior, ignoring all values after the first. The [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/linalg/matrix_diag_op.cc#L89) reads the first value from a tensor buffer without first ch... • https://github.com/tensorflow/tensorflow/commit/482da92095c4d48f8784b1f00dda4f81c28d2988 • CWE-476: NULL Pointer Dereference •
CVSS: 8.4EPSS: 0%CPEs: 6EXPL: 0CVE-2021-37639 – Null pointer dereference and heap OOB read in TensorFlow
https://notcve.org/view.php?id=CVE-2021-37639
12 Aug 2021 — TensorFlow is an end-to-end open source platform for machine learning. When restoring tensors via raw APIs, if the tensor name is not provided, TensorFlow can be tricked into dereferencing a null pointer. Alternatively, attackers can read memory outside the bounds of heap allocated data by providing some tensor names but not enough for a successful restoration. The [implementation](https://github.com/tensorflow/tensorflow/blob/47a06f40411a69c99f381495f490536972152ac0/tensorflow/core/kernels/save_restore_ten... • https://github.com/tensorflow/tensorflow/commit/9e82dce6e6bd1f36a57e08fa85af213e2b2f2622 • CWE-125: Out-of-bounds Read CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-37638 – Null pointer dereference in `RaggedTensorToTensor` in TensorFlow
https://notcve.org/view.php?id=CVE-2021-37638
12 Aug 2021 — TensorFlow is an end-to-end open source platform for machine learning. Sending invalid argument for `row_partition_types` of `tf.raw_ops.RaggedTensorToTensor` API results in a null pointer dereference and undefined behavior. The [implementation](https://github.com/tensorflow/tensorflow/blob/47a06f40411a69c99f381495f490536972152ac0/tensorflow/core/kernels/ragged_tensor_to_tensor_op.cc#L328) accesses the first element of a user supplied list of values without validating that the provided list is not empty. We... • https://github.com/tensorflow/tensorflow/commit/301ae88b331d37a2a16159b65b255f4f9eb39314 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-37660 – Division by 0 in inplace operations in TensorFlow
https://notcve.org/view.php?id=CVE-2021-37660
12 Aug 2021 — TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause a floating point exception by calling inplace operations with crafted arguments that would result in a division by 0. The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/inplace_ops.cc#L283) has a logic error: it should skip processing if `x` and `v` are empty but the code uses `||` instead of `&&`. We have patched t... • https://github.com/tensorflow/tensorflow/commit/e86605c0a336c088b638da02135ea6f9f6753618 • CWE-369: Divide By Zero •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-37653 – Division by 0 in `ResourceGather` in TensorFlow
https://notcve.org/view.php?id=CVE-2021-37653
12 Aug 2021 — TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a floating point exception in `tf.raw_ops.ResourceGather`. The [implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/resource_variable_ops.cc#L725-L731) computes the value of a value, `batch_size`, and then divides by it without checking that this value is not 0. We have patched the issue in GitHub commit ac1... • https://github.com/tensorflow/tensorflow/commit/ac117ee8a8ea57b73d34665cdf00ef3303bc0b11 • CWE-369: Divide By Zero •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-37642 – Division by 0 in `ResourceScatterDiv` in TensorFlow
https://notcve.org/view.php?id=CVE-2021-37642
12 Aug 2021 — TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.ResourceScatterDiv` is vulnerable to a division by 0 error. The [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/resource_variable_ops.cc#L865) uses a common class for all binary operations but fails to treat the division by 0 case separately. We have patched the issue in GitHub commit 4aacb30888638da75023... • https://github.com/tensorflow/tensorflow/commit/4aacb30888638da75023e6601149415b39763d76 • CWE-369: Divide By Zero •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-37640 – Integer division by 0 in sparse reshaping in TensorFlow
https://notcve.org/view.php?id=CVE-2021-37640
12 Aug 2021 — TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.SparseReshape` can be made to trigger an integral division by 0 exception. The [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/reshape_util.cc#L176-L181) calls the reshaping functor whenever there is at least an index in the input but does not check that shape of the input or the target shape have both a ... • https://github.com/tensorflow/tensorflow/commit/4923de56ec94fff7770df259ab7f2288a74feb41 • CWE-369: Divide By Zero •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-37636 – Floating point exception in `SparseDenseCwiseDiv` in TensorFlow
https://notcve.org/view.php?id=CVE-2021-37636
12 Aug 2021 — TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.SparseDenseCwiseDiv` is vulnerable to a division by 0 error. The [implementation](https://github.com/tensorflow/tensorflow/blob/a1bc56203f21a5a4995311825ffaba7a670d7747/tensorflow/core/kernels/sparse_dense_binary_op_shared.cc#L56) uses a common class for all binary operations but fails to treat the division by 0 case separately. We have patched the issue in GitHub commit d9204be9f495... • https://github.com/tensorflow/tensorflow/commit/d9204be9f49520cdaaeb2541d1dc5187b23f31d9 • CWE-369: Divide By Zero •
CVSS: 9.1EPSS: 1%CPEs: 1EXPL: 2CVE-2021-35958
https://notcve.org/view.php?id=CVE-2021-35958
30 Jun 2021 — TensorFlow through 2.5.0 allows attackers to overwrite arbitrary files via a crafted archive when tf.keras.utils.get_file is used with extract=True. NOTE: the vendor's position is that tf.keras.utils.get_file is not intended for untrusted archives ** EN DISPUTA ** TensorFlow versiones hasta 2.5.0, permite a atacantes sobrescribir archivos arbitrarios por medio de un archivo diseñado cuando se usa la función tf.keras.utils.get_file con extract=True. NOTA: la posición del proveedor es que la función tf.keras.... • https://github.com/miguelc49/CVE-2021-35958-2 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •