Page 35 of 359 results (0.006 seconds)

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0

TensorFlow is an open source platform for machine learning. In affected versions the implementations for convolution operators trigger a division by 0 if passed empty filter tensor arguments. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. TensorFlow es una plataforma de código abierto para el aprendizaje automático. • https://github.com/tensorflow/tensorflow/commit/f2c3931113eaafe9ef558faaddd48e00a6606235 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6hpv-v2rx-c5g6 • CWE-369: Divide By Zero •

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0

TensorFlow is an open source platform for machine learning. In affected versions an attacker can trigger undefined behavior, integer overflows, segfaults and `CHECK`-fail crashes if they can change saved checkpoints from outside of TensorFlow. This is because the checkpoints loading infrastructure is missing validation for invalid file formats. The fixes will be included in TensorFlow 2.7.0. We will also cherrypick these commits on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/commit/368af875869a204b4ac552b9ddda59f6a46a56ec https://github.com/tensorflow/tensorflow/commit/abcced051cb1bd8fb05046ac3b6023a7ebcc4578 https://github.com/tensorflow/tensorflow/commit/b619c6f865715ca3b15ef1842b5b95edbaa710ad https://github.com/tensorflow/tensorflow/commit/e8dc63704c88007ee4713076605c90188d66f3d2 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7pxj-m4jf-r6h2 • CWE-190: Integer Overflow or Wraparound CWE-345: Insufficient Verification of Data Authenticity •

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1

TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `DeserializeSparse` can trigger a null pointer dereference. This is because the shape inference function assumes that the `serialize_sparse` tensor is a tensor with positive rank (and having `3` as the last dimension). The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/commit/d3738dd70f1c9ceb547258cbb82d853da8771850 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x3v8-c8qx-3j3r • CWE-476: NULL Pointer Dereference •

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1

TensorFlow is an open source platform for machine learning. In affected versions the process of building the control flow graph for a TensorFlow model is vulnerable to a null pointer exception when nodes that should be paired are not. This occurs because the code assumes that the first node in the pairing (e.g., an `Enter` node) always exists when encountering the second node (e.g., an `Exit` node). When this is not the case, `parent` is `nullptr` so dereferencing it causes a crash. The fix will be included in TensorFlow 2.7.0. • https://github.com/tensorflow/tensorflow/commit/05cbebd3c6bb8f517a158b0155debb8df79017ff https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5crj-c72x-m7gq • CWE-476: NULL Pointer Dereference •

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1

TensorFlow is an open source platform for machine learning. In affected versions the code for sparse matrix multiplication is vulnerable to undefined behavior via binding a reference to `nullptr`. This occurs whenever the dimensions of `a` or `b` are 0 or less. In the case on one of these is 0, an empty output tensor should be allocated (to conserve the invariant that output tensors are always allocated when the operation is successful) but nothing should be written to it (that is, we should return early from the kernel implementation). Otherwise, attempts to write to this empty tensor would result in heap OOB access. • https://github.com/tensorflow/tensorflow/commit/e6cf28c72ba2eb949ca950d834dd6d66bb01cfae https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4f99-p9c2-3j8x • CWE-125: Out-of-bounds Read CWE-824: Access of Uninitialized Pointer •