CVE-2021-41206 – Incomplete validation of shapes in multiple TF ops
https://notcve.org/view.php?id=CVE-2021-41206
TensorFlow is an open source platform for machine learning. In affected versions several TensorFlow operations are missing validation for the shapes of the tensor arguments involved in the call. Depending on the API, this can result in undefined behavior and segfault or `CHECK`-fail related crashes but in some scenarios writes and reads from heap populated arrays are also possible. We have discovered these issues internally via tooling while working on improving/testing GPU op determinism. As such, we don't have reproducers and there will be multiple fixes for these issues. • https://github.com/tensorflow/tensorflow/commit/4d74d8a00b07441cba090a02e0dd9ed385145bf4 https://github.com/tensorflow/tensorflow/commit/4dddb2fd0b01cdd196101afbba6518658a2c9e07 https://github.com/tensorflow/tensorflow/commit/579261dcd446385831fe4f7457d802a59685121d https://github.com/tensorflow/tensorflow/commit/68422b215e618df5ad375bcdc6d2052e9fd3080a https://github.com/tensorflow/tensorflow/commit/da4aad5946be30e5f049920fa076e1f7ef021261 https://github.com/tensorflow/tensorflow/commit/e7f497570abb6b4ae5af4970620cd880e4c0c904 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-p • CWE-354: Improper Validation of Integrity Check Value •
CVE-2021-41208 – Incomplete validation in boosted trees code
https://notcve.org/view.php?id=CVE-2021-41208
TensorFlow is an open source platform for machine learning. In affected versions the code for boosted trees in TensorFlow is still missing validation. As a result, attackers can trigger denial of service (via dereferencing `nullptr`s or via `CHECK`-failures) as well as abuse undefined behavior (binding references to `nullptr`s). An attacker can also read and write from heap buffers, depending on the API that gets used and the arguments that are passed to the call. Given that the boosted trees implementation in TensorFlow is unmaintained, it is recommended to no longer use these APIs. • https://github.com/tensorflow/tensorflow/commit/5c8c9a8bfe750f9743d0c859bae112060b216f5c https://github.com/tensorflow/tensorflow/security/advisories/GHSA-57wx-m983-2f88 • CWE-476: NULL Pointer Dereference CWE-824: Access of Uninitialized Pointer •
CVE-2021-41207 – Division by zero in `ParallelConcat`
https://notcve.org/view.php?id=CVE-2021-41207
TensorFlow is an open source platform for machine learning. In affected versions the implementation of `ParallelConcat` misses some input validation and can produce a division by 0. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/commit/f2c3931113eaafe9ef558faaddd48e00a6606235 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7v94-64hj-m82h • CWE-369: Divide By Zero •
CVE-2021-41202 – Overflow/crash in `tf.range`
https://notcve.org/view.php?id=CVE-2021-41202
TensorFlow is an open source platform for machine learning. In affected versions, while calculating the size of the output within the `tf.range` kernel, there is a conditional statement of type `int64 = condition ? int64 : double`. Due to C++ implicit conversion rules, both branches of the condition will be cast to `double` and the result would be truncated before the assignment. This results in overflows. • https://github.com/tensorflow/tensorflow/commit/1b0e0ec27e7895b9985076eab32445026ae5ca94 https://github.com/tensorflow/tensorflow/commit/6d94002a09711d297dbba90390d5482b76113899 https://github.com/tensorflow/tensorflow/issues/46889 https://github.com/tensorflow/tensorflow/issues/46912 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xrqm-fpgr-6hhx • CWE-681: Incorrect Conversion between Numeric Types •
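The conversion pitfall described for `tf.range`, as an added example that is not TensorFlow's kernel code: a conditional with an `int64_t` branch and a `double` branch is typed `double`, so integer sizes above 2^53 lose precision before the assignment. The function names and the `-1` error return are assumptions made for illustration, and the sample input is constructed.

```cpp
#include <cmath>
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <type_traits>

// A conditional expression has one result type. For an int64_t operand and a
// double operand the usual arithmetic conversions make that type double.
static_assert(std::is_same<decltype(true ? int64_t{1} : 1.0), double>::value,
              "int64_t/double conditional yields double");

// Hypothetical helper in the shape the advisory describes.
// Assumes delta != 0 and that limit - start does not overflow T.
template <typename T>
int64_t range_size_buggy(T start, T limit, T delta) {
  // The integer branch is converted to double, then narrowed back to int64_t.
  int64_t size = std::is_integral<T>::value
      ? ((std::abs(limit - start) + std::abs(delta) - 1) / std::abs(delta))
      : std::ceil(std::abs((limit - start) / delta));
  return size;
}

// Hardened form: each branch is its own statement, so integer inputs never
// pass through double. Returns -1 if a floating-point size cannot fit.
template <typename T>
int64_t range_size_fixed(T start, T limit, T delta) {
  if (std::is_integral<T>::value) {
    return static_cast<int64_t>(
        (std::abs(limit - start) + std::abs(delta) - 1) / std::abs(delta));
  }
  const double n = std::ceil(std::abs((limit - start) / delta));
  // 2^63 is the smallest double that no longer fits in int64_t.
  if (!(n < 9223372036854775808.0)) return -1;  // also rejects NaN
  return static_cast<int64_t>(n);
}

int main() {
  const int64_t limit = (int64_t{1} << 53) + 1;  // constructed sample input
  std::printf("buggy: %lld\nfixed: %lld\n",
              static_cast<long long>(range_size_buggy<int64_t>(0, limit, 1)),
              static_cast<long long>(range_size_fixed<int64_t>(0, limit, 1)));
  return 0;
}
```
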
CVE-2021-41209 – FPE in convolutions with zero size filters
https://notcve.org/view.php?id=CVE-2021-41209
TensorFlow is an open source platform for machine learning. In affected versions the implementations for convolution operators trigger a division by 0 if passed empty filter tensor arguments. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/commit/f2c3931113eaafe9ef558faaddd48e00a6606235 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6hpv-v2rx-c5g6 • CWE-369: Divide By Zero •