
CVE-2025-0649 – Stack Exhaustion In Tensorflow Serving
https://notcve.org/view.php?id=CVE-2025-0649
06 May 2025 — Incorrect JSON input stringification in Google's Tensorflow serving versions up to 2.18.0 allows for potentially unbounded recursion leading to server crash. • https://github.com/tensorflow/serving/commit/6cb013167d13f2ed3930aabb86dbc2c8c53f5adf • CWE-121: Stack-based Buffer Overflow •

CVE-2023-33976 – TensorFlow segfault in array_ops.upper_bound
https://notcve.org/view.php?id=CVE-2023-33976
30 Jul 2024 — TensorFlow is an end-to-end open source platform for machine learning. `array_ops.upper_bound` causes a segfault when not given a rank 2 tensor. The fix will be included in TensorFlow 2.13, and this commit will also be cherry-picked onto TensorFlow 2.12. • https://github.com/tensorflow/tensorflow/commit/6fa05df43b00038b048f4f0e51ef522da6532fec • CWE-190: Integer Overflow or Wraparound •

CVE-2023-25661 – Denial of Service in TensorFlow
https://notcve.org/view.php?id=CVE-2023-25661
27 Mar 2023 — TensorFlow is an Open Source Machine Learning Framework. In versions prior to 2.11.1, a malicious invalid input crashes a TensorFlow model (Check Failed) and can be used to trigger a denial-of-service attack. A proof of concept can be constructed with the `Convolution3DTranspose` function. This `Convolution3DTranspose` layer is a very common API in modern neural networks. ML models containing such vulnerable components could be deployed in ML applications or as cloud services. • https://github.com/tensorflow/tensorflow/commit/948fe6369a5711d4b4568ea9bbf6015c6dfb77e2 • CWE-20: Improper Input Validation •

CVE-2023-25660 – TensorFlow vulnerable to seg fault in `tf.raw_ops.Print`
https://notcve.org/view.php?id=CVE-2023-25660
24 Mar 2023 — TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when the parameter `summarize` of `tf.raw_ops.Print` is zero, the new method `SummarizeArray<bool>` will reference a nullptr, leading to a segfault. A fix is included in TensorFlow version 2.12 and version 2.11.1. • https://github.com/tensorflow/tensorflow/commit/6d423b8bcc9aa9f5554dc988c1c16d038b508df1 • CWE-476: NULL Pointer Dereference •

CVE-2023-25659 – TensorFlow vulnerable to Out-of-Bounds Read in DynamicStitch
https://notcve.org/view.php?id=CVE-2023-25659
24 Mar 2023 — TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the parameter `indices` for `DynamicStitch` does not match the shape of the parameter `data`, it can trigger a stack OOB read. A fix is included in TensorFlow version 2.12.0 and version 2.11.1. • https://github.com/tensorflow/tensorflow/commit/ee004b18b976eeb5a758020af8880236cd707d05 • CWE-125: Out-of-bounds Read •

CVE-2023-25658 – TensorFlow vulnerable to Out-of-Bounds Read in GRUBlockCellGrad
https://notcve.org/view.php?id=CVE-2023-25658
24 Mar 2023 — TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is an out-of-bounds read in GRUBlockCellGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1. • https://github.com/tensorflow/tensorflow/commit/ff459137c2716a2a60f7d441b855fcb466d778cb • CWE-125: Out-of-bounds Read •

CVE-2023-25662 – TensorFlow vulnerable to integer overflow in EditDistance
https://notcve.org/view.php?id=CVE-2023-25662
24 Mar 2023 — TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 are vulnerable to integer overflow in EditDistance. A fix is included in TensorFlow version 2.12.0 and version 2.11.1. • https://github.com/tensorflow/tensorflow/commit/08b8e18643d6dcde00890733b270ff8d9960c56c • CWE-190: Integer Overflow or Wraparound •

CVE-2023-25663 – TensorFlow has Null Pointer Error in TensorArrayConcatV2
https://notcve.org/view.php?id=CVE-2023-25663
24 Mar 2023 — TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when `ctx->step_container()` is a null pointer, the Lookup function will be executed with a null pointer. A fix is included in TensorFlow 2.12.0 and 2.11.1. • https://github.com/tensorflow/tensorflow/commit/239139d2ae6a81ae9ba499ad78b56d9b2931538a • CWE-476: NULL Pointer Dereference •

CVE-2023-25664 – TensorFlow vulnerable to Heap Buffer Overflow in AvgPoolGrad
https://notcve.org/view.php?id=CVE-2023-25664
24 Mar 2023 — TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a heap buffer overflow in TAvgPoolGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1. • https://github.com/tensorflow/tensorflow/commit/ddaac2bdd099bec5d7923dea45276a7558217e5b • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-122: Heap-based Buffer Overflow •

CVE-2023-25667 – TensorFlow vulnerable to segfault when opening multiframe gif
https://notcve.org/view.php?id=CVE-2023-25667
24 Mar 2023 — TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, integer overflow occurs when `2^31 <= num_frames * height * width * channels < 2^32`, for example, a Full HD screencast of at least 346 frames. A fix is included in TensorFlow version 2.12.0 and version 2.11.1. • https://github.com/tensorflow/tensorflow/commit/8dc723fcdd1a6127d6c970bd2ecb18b019a1a58d • CWE-190: Integer Overflow or Wraparound •