Page 78 of 429 results (0.006 seconds)

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a FPE runtime error in `tf.raw_ops.DenseCountSparseOutput`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/efff014f3b2d8ef6141da30c806faf141297eca1/tensorflow/core/kernels/count_ops.cc#L123-L127) computes a divisor value from user data but does not check that the result is 0 before doing the division. Since `data` is given by the `values` argument, `num_batch_elements` is 0. The fix will be included in TensorFlow 2.5.0. • https://github.com/tensorflow/tensorflow/commit/da5ff2daf618591f64b2b62d9d9803951b945e9f https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qg48-85hg-mqc5 • CWE-369: Divide By Zero •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1

TensorFlow is an end-to-end open source platform for machine learning. If the `splits` argument of `RaggedBincount` does not specify a valid `SparseTensor`(https://www.tensorflow.org/api_docs/python/tf/sparse/SparseTensor), then an attacker can trigger a heap buffer overflow. This will cause a read from outside the bounds of the `splits` tensor buffer in the implementation of the `RaggedBincount` op(https://github.com/tensorflow/tensorflow/blob/8b677d79167799f71c42fd3fa074476e0295413a/tensorflow/core/kernels/bincount_op.cc#L430-L433). Before the `for` loop, `batch_idx` is set to 0. The user controls the `splits` array, making it contain only one element, 0. • https://github.com/tensorflow/tensorflow/commit/eebb96c2830d48597d055d247c0e9aebaea94cd5 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4278-2v5v-65r4 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •

CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 1

In affected versions of TensorFlow under certain cases a saved model can trigger use of uninitialized values during code execution. This is caused by having tensor buffers be filled with the default value of the type but forgetting to default initialize the quantized floating point types in Eigen. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0. En las versiones afectadas de TensorFlow, en determinados casos, un modelo guardado puede activar el uso de valores no inicializados durante la ejecución del código. Esto es debido a que los búferes de tensor se llenan con el valor predeterminado del tipo, pero se olvidan de inicializar por defecto los tipos de punto flotante cuantificados en Eigen. • https://github.com/tensorflow/tensorflow/commit/ace0c15a22f7f054abcc1f53eabbcb0a1239a9e2 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qhxx-j73r-qpm2 • CWE-908: Use of Uninitialized Resource •

CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1

In affected versions of TensorFlow the tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format attributes. The code assumes that these two arguments define a permutation of NHWC. This can result in uninitialized memory accesses, read outside of bounds and even crashes. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0. En las versiones afectadas de TensorFlow, la API tf.raw_ops.DataFormatVecPermute no comprueba los atributos src_format y dst_format. • https://github.com/tensorflow/tensorflow/commit/ebc70b7a592420d3d2f359e4b1694c236b82c7ae https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c9f3-9wfr-wgh7 • CWE-125: Out-of-bounds Read •

CVSS: 4.4EPSS: 0%CPEs: 5EXPL: 1

In affected versions of TensorFlow the tf.raw_ops.ImmutableConst operation returns a constant tensor created from a memory mapped file which is assumed immutable. However, if the type of the tensor is not an integral type, the operation crashes the Python interpreter as it tries to write to the memory area. If the file is too small, TensorFlow properly returns an error as the memory area has fewer bytes than what is needed for the tensor it creates. However, as soon as there are enough bytes, the above snippet causes a segmentation fault. This is because the allocator used to return the buffer data is not marked as returning an opaque handle since the needed virtual method is not overridden. • https://github.com/tensorflow/tensorflow/commit/c1e1fc899ad5f8c725dcbb6470069890b5060bc7 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hhvc-g5hv-48c6 • CWE-471: Modification of Assumed-Immutable Data (MAID) •