CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 2CVE-2022-29191 – Missing validation causes denial of service via `GetSessionTensor` in TensorFlow
https://notcve.org/view.php?id=CVE-2022-29191
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.GetSessionTensor` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. TensorFlow es una plataforma de código abierto para el aprendizaje automático. • https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/session_ops.cc#L94-L112 https://github.com/tensorflow/tensorflow/commit/48305e8ffe5246d67570b64096a96f8e315a7281 https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4 https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2 https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1 https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0 https://github.com/tensorflow/tensorflow/security/advi • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 2CVE-2022-29192 – Missing validation crashes `QuantizeAndDequantizeV4Grad` in TensorFlow
https://notcve.org/view.php?id=CVE-2022-29192
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.QuantizeAndDequantizeV4Grad` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. TensorFlow es una plataforma de código abierto para el aprendizaje automático. • https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/quantize_and_dequantize_op.cc#L148-L226 https://github.com/tensorflow/tensorflow/commit/098e7762d909bac47ce1dbabe6dfd06294cb9d58 https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4 https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2 https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1 https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0 https://github.com/tensorflow/tensorflow • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-23561 – Out of bounds write in TFLite
https://notcve.org/view.php?id=CVE-2022-23561
Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause a write outside of bounds of an array in TFLite. In fact, the attacker can override the linked list used by the memory allocator. This can be leveraged for an arbitrary write primitive under certain conditions. The fix will be included in TensorFlow 2.8.0. • https://github.com/tensorflow/tensorflow/commit/6c0b2b70eeee588591680f5b7d5d38175fd7cdf6 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9c78-vcq7-7vxq • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2022-23557 – Division by zero in TFLite
https://notcve.org/view.php?id=CVE-2022-23557
Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would trigger a division by zero in `BiasAndClamp` implementation. There is no check that the `bias_size` is non zero. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/lite/kernels/internal/common.h#L75 https://github.com/tensorflow/tensorflow/commit/8c6f391a2282684a25cbfec7687bd5d35261a209 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gf2j-f278-xh4v • CWE-369: Divide By Zero •
CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 2CVE-2022-23558 – Integer overflow in TFLite array creation
https://notcve.org/view.php?id=CVE-2022-23558
Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in `TfLiteIntArrayCreate`. The `TfLiteIntArrayGetSizeInBytes` returns an `int` instead of a `size_t. An attacker can control model inputs such that `computed_size` overflows the size of `int` datatype. The fix will be included in TensorFlow 2.8.0. • https://github.com/tensorflow/tensorflow/blob/ca6f96b62ad84207fbec580404eaa7dd7403a550/tensorflow/lite/c/common.c#L24-L33 https://github.com/tensorflow/tensorflow/blob/ca6f96b62ad84207fbec580404eaa7dd7403a550/tensorflow/lite/c/common.c#L53-L60 https://github.com/tensorflow/tensorflow/commit/a1e1511dde36b3f8aa27a6ec630838e7ea40e091 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9gwq-6cwj-47h3 • CWE-190: Integer Overflow or Wraparound •