CVE-2018-21233
https://notcve.org/view.php?id=CVE-2018-21233
TensorFlow before 1.7.0 has an integer overflow that causes an out-of-bounds read, possibly causing disclosure of the contents of process memory. This occurs in the DecodeBmp feature of the BMP decoder in core/kernels/decode_bmp_op.cc. • https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-001.md https://github.com/tensorflow/tensorflow/commit/49f73c55d56edffebde4bca4a407ad69c1cae433 • CWE-125: Out-of-bounds Read
CVE-2020-5215 – Segmentation fault in TensorFlow when converting a Python string to tf.float16
https://notcve.org/view.php?id=CVE-2020-5215
In TensorFlow before 1.15.2 and 2.0.1, converting a string (from Python) to a tf.float16 value results in a segmentation fault in eager mode, because the format checks for this use case exist only in graph mode. This issue can lead to denial of service in inference/training, where a malicious attacker can send a data point which contains a string instead of a tf.float16 value. Similar effects can be obtained by manipulating saved models and checkpoints: replacing a scalar tf.float16 value with a scalar string will trigger this issue due to automatic conversions. This can be easily reproduced by `tf.constant("hello", tf.float16)` if eager execution is enabled. This issue is patched in TensorFlow 1.15.1 and 2.0.1. • https://github.com/tensorflow/tensorflow/commit/5ac1b9e24ff6afc465756edf845d2e9660bd34bf https://github.com/tensorflow/tensorflow/releases/tag/v1.15.2 https://github.com/tensorflow/tensorflow/releases/tag/v2.0.1 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-977j-xj7q-2jr9 • CWE-20: Improper Input Validation CWE-754: Improper Check for Unusual or Exceptional Conditions
CVE-2019-16778 – Heap buffer overflow in `UnsortedSegmentSum` in TensorFlow
https://notcve.org/view.php?id=CVE-2019-16778
In TensorFlow before 1.15, a heap buffer overflow in UnsortedSegmentSum can be produced when the Index template argument is int32. In this case data_size and num_segments fields are truncated from int64 to int32 and can produce negative numbers, resulting in accessing out of bounds heap memory. This is unlikely to be exploitable and was detected and fixed internally in TensorFlow 1.15 and 2.0. • https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2019-002.md https://github.com/tensorflow/tensorflow/commit/db4f9717c41bccc3ce10099ab61996b246099892 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-844w-j86r-4x2j • CWE-122: Heap-based Buffer Overflow CWE-681: Incorrect Conversion between Numeric Types
CVE-2018-7575
https://notcve.org/view.php?id=CVE-2018-7575
Google TensorFlow 1.7.x and earlier is affected by a Buffer Overflow vulnerability. The type of exploitation is context-dependent. • https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-004.md • CWE-190: Integer Overflow or Wraparound
CVE-2019-9635
https://notcve.org/view.php?id=CVE-2019-9635
NULL pointer dereference in Google TensorFlow before 1.12.2 could cause a denial of service via an invalid GIF file. • https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2019-001.md • CWE-476: NULL Pointer Dereference