CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33976 – TensorFlow segfault in array_ops.upper_bound
https://notcve.org/view.php?id=CVE-2023-33976
TensorFlow is an end-to-end open source platform for machine learning. `array_ops.upper_bound` causes a segfault when not given a rank 2 tensor. The fix will be included in TensorFlow 2.13 and will also cherrypick this commit on TensorFlow 2.12. • https://github.com/tensorflow/tensorflow/commit/6fa05df43b00038b048f4f0e51ef522da6532fec https://github.com/tensorflow/tensorflow/commit/915884fdf5df34aaedd00fc6ace33a2cfdefa586 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gjh7-xx4r-x345 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-25661 – Denial of Service in TensorFlow
https://notcve.org/view.php?id=CVE-2023-25661
TensorFlow is an Open Source Machine Learning Framework. In versions prior to 2.11.1 a malicious invalid input crashes a tensorflow model (Check Failed) and can be used to trigger a denial of service attack. A proof of concept can be constructed with the `Convolution3DTranspose` function. This Convolution3DTranspose layer is a very common API in modern neural networks. The ML models containing such vulnerable components could be deployed in ML applications or as cloud services. • https://github.com/tensorflow/tensorflow/commit/948fe6369a5711d4b4568ea9bbf6015c6dfb77e2 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fxgc-95xx-grvq • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25660 – TensorFlow vulnerable to seg fault in `tf.raw_ops.Print`
https://notcve.org/view.php?id=CVE-2023-25660
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when the parameter `summarize` of `tf.raw_ops.Print` is zero, the new method `SummarizeArray<bool>` will reference to a nullptr, leading to a seg fault. A fix is included in TensorFlow version 2.12 and version 2.11.1. • https://github.com/tensorflow/tensorflow/commit/6d423b8bcc9aa9f5554dc988c1c16d038b508df1 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qjqc-vqcf-5qvj • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25659 – TensorFlow vulnerable to Out-of-Bounds Read in DynamicStitch
https://notcve.org/view.php?id=CVE-2023-25659
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the parameter `indices` for `DynamicStitch` does not match the shape of the parameter `data`, it can trigger an stack OOB read. A fix is included in TensorFlow version 2.12.0 and version 2.11.1. • https://github.com/tensorflow/tensorflow/commit/ee004b18b976eeb5a758020af8880236cd707d05 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-93vr-9q9m-pj8p • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25658 – TensorFlow vulnerable to Out-of-Bounds Read in GRUBlockCellGrad
https://notcve.org/view.php?id=CVE-2023-25658
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, an out of bounds read is in GRUBlockCellGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1. • https://github.com/tensorflow/tensorflow/commit/ff459137c2716a2a60f7d441b855fcb466d778cb https://github.com/tensorflow/tensorflow/security/advisories/GHSA-68v3-g9cm-rmm6 • CWE-125: Out-of-bounds Read •