CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-35997 – `CHECK` fail in `tf.sparse.cross` in TensorFlow
https://notcve.org/view.php?id=CVE-2022-35997
16 Sep 2022 — TensorFlow is an open source platform for machine learning. If `tf.sparse.cross` receives an input `separator` that is not a scalar, it gives a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 83dcb4dbfa094e33db084e97c4d0531a559e0ebf. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/commit/83dcb4dbfa094e33db084e97c4d0531a559e0ebf • CWE-617: Reachable Assertion •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-35995 – `CHECK` fail in `AudioSummaryV2` in TensorFlow
https://notcve.org/view.php?id=CVE-2022-35995
16 Sep 2022 — TensorFlow is an open source platform for machine learning. When `AudioSummaryV2` receives an input `sample_rate` with more than one element, it gives a `CHECK` fails that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit bf6b45244992e2ee543c258e519489659c99fb7f. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/commit/bf6b45244992e2ee543c258e519489659c99fb7f • CWE-617: Reachable Assertion •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-36016 – `CHECK`-fail in `tensorflow::full_type::SubstituteFromAttrs` in TensorFlow
https://notcve.org/view.php?id=CVE-2022-36016
16 Sep 2022 — TensorFlow is an open source platform for machine learning. When `tensorflow::full_type::SubstituteFromAttrs` receives a `FullTypeDef& t` that is not exactly three args, it triggers a `CHECK`-fail instead of returning a status. We have patched the issue in GitHub commit 6104f0d4091c260ce9352f9155f7e9b725eab012. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range... • https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ops/math_ops.cc • CWE-617: Reachable Assertion •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-36005 – `CHECK` fail in `FakeQuantWithMinMaxVarsGradient` in TensorFlow
https://notcve.org/view.php?id=CVE-2022-36005
16 Sep 2022 — TensorFlow is an open source platform for machine learning. When `tf.quantization.fake_quant_with_min_max_vars_gradient` receives input `min` or `max` that is nonscalar, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit f3cf67ac5705f4f04721d15e485e192bb319feed. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supp... • https://github.com/tensorflow/tensorflow/commit/f3cf67ac5705f4f04721d15e485e192bb319feed • CWE-617: Reachable Assertion •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-36004 – `CHECK` fail in `tf.random.gamma` in TensorFlow
https://notcve.org/view.php?id=CVE-2022-36004
16 Sep 2022 — TensorFlow is an open source platform for machine learning. When `tf.random.gamma` receives large input shape and rates, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 552bfced6ce4809db5f3ca305f60ff80dd40c5a3. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/commit/552bfced6ce4809db5f3ca305f60ff80dd40c5a3 • CWE-617: Reachable Assertion •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-36003 – `CHECK` fail in `RandomPoissonV2` in TensorFlow
https://notcve.org/view.php?id=CVE-2022-36003
16 Sep 2022 — TensorFlow is an open source platform for machine learning. When `RandomPoissonV2` receives large input shape and rates, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 552bfced6ce4809db5f3ca305f60ff80dd40c5a3. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/commit/552bfced6ce4809db5f3ca305f60ff80dd40c5a3 • CWE-617: Reachable Assertion •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-36002 – `CHECK` fail in `Unbatch` in TensorFlow
https://notcve.org/view.php?id=CVE-2022-36002
16 Sep 2022 — TensorFlow is an open source platform for machine learning. When `Unbatch` receives a nonscalar input `id`, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 4419d10d576adefa36b0e0a9425d2569f7c0189f. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/commit/4419d10d576adefa36b0e0a9425d2569f7c0189f • CWE-617: Reachable Assertion •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-36001 – `CHECK` fail in `DrawBoundingBoxes` in TensorFlow
https://notcve.org/view.php?id=CVE-2022-36001
16 Sep 2022 — TensorFlow is an open source platform for machine learning. When `DrawBoundingBoxes` receives an input `boxes` that is not of dtype `float`, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit da0d65cdc1270038e72157ba35bf74b85d9bda11. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/commit/da0d65cdc1270038e72157ba35bf74b85d9bda11 • CWE-617: Reachable Assertion •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-36026 – `CHECK` fail in `QuantizeAndDequantizeV3` in TensorFlow
https://notcve.org/view.php?id=CVE-2022-36026
16 Sep 2022 — TensorFlow is an open source platform for machine learning. If `QuantizeAndDequantizeV3` is given a nonscalar `num_bits` input tensor, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit f3f9cb38ecfe5a8a703f2c4a8fead434ef291713. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/commit/f3f9cb38ecfe5a8a703f2c4a8fead434ef291713 • CWE-617: Reachable Assertion •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-36018 – `CHECK` fail in `RaggedTensorToVariant` in TensorFlow
https://notcve.org/view.php?id=CVE-2022-36018
16 Sep 2022 — TensorFlow is an open source platform for machine learning. If `RaggedTensorToVariant` is given a `rt_nested_splits` list that contains tensors of ranks other than one, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 88f93dfe691563baa4ae1e80ccde2d5c7a143821. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected an... • https://github.com/tensorflow/tensorflow/commit/88f93dfe691563baa4ae1e80ccde2d5c7a143821 • CWE-617: Reachable Assertion •