tensorflow@1.15.4 vulnerabilities

TensorFlow is an open source machine learning framework for everyone.

Direct Vulnerabilities

Known vulnerabilities in the tensorflow package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • H
Integer Overflow or Wraparound

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the array_ops.upper_bound function. An attacker can cause a denial of service by providing an input that is not a rank-2 tensor.

How to fix Integer Overflow or Wraparound?

Upgrade tensorflow to version 2.12.0 or higher.

[,2.12.0)
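The Vulnerable Version column on this page uses interval notation: `[` and `]` are inclusive bounds, `(` and `)` exclusive, and an empty bound is open-ended, so `[,2.11.1) [2.12.0rc0,2.12.0)` means "every release before 2.11.1, plus the 2.12.0 release candidates". The following checker is an added example and not part of the Snyk page or of TensorFlow; it parses that notation, orders pre-releases (a/b/rc suffixes, an assumption about the only suffix forms that appear here) before the corresponding final release, and reports which of a few ranges quoted from this page contain a given version. The `PAGE_RANGES` table is constructed for the example from entries on this page.

```python
import re
from typing import Dict, List, Tuple

# One interval: bracket, lower bound, comma, upper bound, bracket.
# Bounds may be empty ("[,2.11.1)" has no lower bound).
_INTERVAL = re.compile(r"([\[(])\s*([^,\s\])]*)\s*,\s*([^,\s\])]*)\s*([\])])")
# Versions seen on this page: dotted integers with an optional a/b/rc suffix.
_VERSION = re.compile(r"^(\d+(?:\.\d+)*)(?:(a|b|rc)(\d+))?$")


def version_key(version: str) -> Tuple[Tuple[int, ...], Tuple[int, str, int]]:
    """Sort key for strings like 1.15.4, 2.11.1 or 2.12.0rc0.

    A pre-release sorts before the final release with the same numeric
    part, so 2.12.0rc0 < 2.12.0, which is what makes [2.12.0rc0,2.12.0)
    cover exactly the release candidates. Assumption: only a/b/rc suffixes.
    """
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unsupported version string: {version!r}")
    release = tuple(int(p) for p in m.group(1).split("."))
    release = release + (0,) * (4 - len(release))  # 2.12 compares equal to 2.12.0
    if m.group(2) is None:
        pre = (1, "", 0)                       # final release: after any pre-release
    else:
        pre = (0, m.group(2), int(m.group(3)))  # "a" < "b" < "rc" alphabetically
    return release, pre


def parse_ranges(spec: str) -> List[Tuple[bool, str, str, bool]]:
    """Turn "[,2.11.1) [2.12.0rc0,2.12.0)" into (lo_inclusive, lo, hi, hi_inclusive) tuples."""
    ranges = [(lo_br == "[", lo, hi, hi_br == "]")
              for lo_br, lo, hi, hi_br in _INTERVAL.findall(spec)]
    if not ranges:
        raise ValueError(f"no intervals found in: {spec!r}")
    return ranges


def in_range(version: str, rng: Tuple[bool, str, str, bool]) -> bool:
    lo_inc, lo, hi, hi_inc = rng
    v = version_key(version)
    if lo:
        lo_k = version_key(lo)
        if v < lo_k or (v == lo_k and not lo_inc):
            return False
    if hi:
        hi_k = version_key(hi)
        if v > hi_k or (v == hi_k and not hi_inc):
            return False
    return True


def is_vulnerable(version: str, spec: str) -> bool:
    """True if `version` falls inside any interval of `spec`."""
    return any(in_range(version, r) for r in parse_ranges(spec))


# Constructed sample table: a handful of ranges copied from entries on this page.
PAGE_RANGES: Dict[str, str] = {
    "array_ops.upper_bound integer overflow": "[,2.12.0)",
    "Convolution3DTranspose DoS": "[,2.11.1)",
    "SparseSparseMaximum null deref": "[,2.11.1) [2.12.0rc0,2.12.0)",
    "DynamicStitch out-of-bounds": "[,2.10.1) [2.11.0rc0,2.11.0)",
    "GatherNd out-of-bounds read": "[,2.7.2) [2.8.0,2.8.1) [2.9.0,2.9.1)",
}


def affected_entries(version: str, table: Dict[str, str] = PAGE_RANGES) -> List[str]:
    """Names of the table entries whose vulnerable range contains `version`."""
    return [name for name, spec in table.items() if is_vulnerable(version, spec)]


if __name__ == "__main__":
    for v in ("1.15.4", "2.8.1", "2.11.1", "2.12.0rc0", "2.12.0"):
        print(f"{v:>10} -> {affected_entries(v)}")
```

Run it against the version pinned in a lockfile rather than eyeballing the column: 1.15.4 sits inside every range on this page, while 2.12.0rc0 is still caught by the two intervals that explicitly cover release candidates.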
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS): a malicious, invalid input with a zero dimension crashes a TensorFlow model with a CHECK failure.

Note: An attacker must be able to supply input to a Convolution3DTranspose call.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.11.1 or higher.

[,2.11.1)
  • H
Heap-based Buffer Overflow

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Heap-based Buffer Overflow. Attackers can access heap memory that is not under the user's control, leading to a crash or remote code execution. The fix is included in TensorFlow 2.12.0 and cherry-picked into 2.11.1.

How to fix Heap-based Buffer Overflow?

Upgrade tensorflow to version 2.11.1, 2.12.0 or higher.

[,2.11.1) [2.12.0rc0,2.12.0)
  • H
NULL Pointer Dereference

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference when SparseSparseMaximum is given invalid sparse tensors as inputs.

How to fix NULL Pointer Dereference?

Upgrade tensorflow to version 2.11.1, 2.12.0 or higher.

[,2.11.1) [2.12.0rc0,2.12.0)
  • H
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when running with XLA, tf.raw_ops.ParallelConcat segfaults with a nullptr dereference when given a parameter shape with rank that is not greater than zero.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.11.1, 2.12.0 or higher.

[,2.11.1) [2.12.0rc0,2.12.0)
  • H
NULL Pointer Dereference

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference due to a null pointer error in RandomShuffle with XLA enabled.

How to fix NULL Pointer Dereference?

Upgrade tensorflow to version 2.11.1, 2.12.0 or higher.

[,2.11.1) [2.12.0rc0,2.12.0)
  • H
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to a floating point exception in TensorListSplit with XLA.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.11.1, 2.12.0 or higher.

[,2.11.1) [2.12.0rc0,2.12.0)
  • H
NULL Pointer Dereference

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference. The function tf.raw_ops.LookupTableImportV2 cannot handle scalars in the values parameter and dereferences a null pointer.

How to fix NULL Pointer Dereference?

Upgrade tensorflow to version 2.11.1, 2.12.0 or higher.

[,2.11.1) [2.12.0rc0,2.12.0)
  • H
Incorrect Comparison

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Incorrect Comparison. Constructing a TFLite model with a filter_input_channel parameter of less than 1 triggers a floating point exception.

How to fix Incorrect Comparison?

Upgrade tensorflow to version 2.11.1, 2.12.0 or higher.

[,2.11.1) [2.12.0rc0,2.12.0)
  • H
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). When running with XLA, tf.raw_ops.Bincount segfaults when given a parameter weights that is neither the same shape as parameter arr nor a length-0 tensor.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.11.1, 2.12.0 or higher.

[,2.11.1) [2.12.0rc0,2.12.0)
  • H
Buffer Overflow

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Buffer Overflow in TAvgPoolGrad.

How to fix Buffer Overflow?

Upgrade tensorflow to version 2.11.1, 2.12.0 or higher.

[,2.11.1) [2.12.0rc0,2.12.0)
  • H
Integer Overflow to Buffer Overflow

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Integer Overflow to Buffer Overflow when 2^31 <= num_frames * height * width * channels < 2^32, i.e. when the element count overflows a signed 32-bit integer; for example, a Full HD screencast of at least 346 frames.

How to fix Integer Overflow to Buffer Overflow?

Upgrade tensorflow to version 2.11.1, 2.12.0 or higher.

[,2.11.1) [2.12.0rc0,2.12.0)
  • H
Integer Overflow or Wraparound

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Integer Overflow or Wraparound in EditDistance. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.

How to fix Integer Overflow or Wraparound?

Upgrade tensorflow to version 2.11.1, 2.12.0 or higher.

[,2.11.1) [2.12.0rc0,2.12.0)
  • H
Out-of-Bounds

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-Bounds due to mismatched integer type sizes in ValueMap::Manager::GetValueOrCreatePlaceholder, because there is a bug with the tfg-translate call to InitMlir.

How to fix Out-of-Bounds?

Upgrade tensorflow to version 2.11.1, 2.12.0 or higher.

[,2.11.1) [2.12.0rc0,2.12.0)
  • H
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to a floating point exception if the stride and window size are not positive for tf.raw_ops.AvgPoolGrad.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.11.1, 2.12.0 or higher.

[,2.11.1) [2.12.0rc0,2.12.0)
  • H
NULL Pointer Dereference

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference. When ctx->step_container() returns a null pointer, the Lookup function is executed with that null pointer.

How to fix NULL Pointer Dereference?

Upgrade tensorflow to version 2.11.1, 2.12.0 or higher.

[,2.11.1) [2.12.0rc0,2.12.0)
  • H
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). When the summarize parameter of tf.raw_ops.Print is zero, the new method SummarizeArray<bool> dereferences a nullptr, leading to a segfault.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.11.1, 2.12.0 or higher.

[,2.11.1) [2.12.0rc0,2.12.0)
  • H
Double Free

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Double Free. The nn_ops.fractional_avg_pool_v2 and nn_ops.fractional_max_pool_v2 functions require the first and fourth elements of their pooling_ratio parameter to equal 1.0, as pooling on the batch and channel dimensions is not supported. Affected versions do not reject a pooling_ratio that violates this, which results in a double free.

How to fix Double Free?

Upgrade tensorflow to version 2.11.1, 2.12.0 or higher.

[,2.11.1) [2.12.0rc0,2.12.0)
  • M
NULL Pointer Dereference

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference in QuantizedMatMulWithBiasAndDequantize with MKL enabled.

How to fix NULL Pointer Dereference?

Upgrade tensorflow to version 2.11.1, 2.12.0 or higher.

[,2.11.1) [2.12.0rc0,2.12.0)
  • H
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to a floating point exception in AudioSpectrogram.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.11.1, 2.12.0 or higher.

[,2.11.1) [2.12.0rc0,2.12.0)
  • H
Out-of-bounds Read

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-bounds Read if the parameter indices for DynamicStitch does not match the shape of the parameter data.

How to fix Out-of-bounds Read?

Upgrade tensorflow to version 2.11.1, 2.12.0 or higher.

[,2.11.1) [2.12.0rc0,2.12.0)
  • H
Out-of-bounds Read

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-bounds Read in GRUBlockCellGrad.

How to fix Out-of-bounds Read?

Upgrade tensorflow to version 2.11.1, 2.12.0 or higher.

[,2.11.1) [2.12.0rc0,2.12.0)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to another instance of CVE-2022-35991, in TensorListScatter and TensorListScatterV2 via non-scalar inputs.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.8.4, 2.9.3, 2.10.1 or higher.

[,2.8.4) [2.9.0,2.9.3) [2.10.0,2.10.1)
  • H
Heap-based Buffer Overflow

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Heap-based Buffer Overflow in QuantizeAndDequantizeV2, via the MakeGrapplerFunctionItem function, if the inputs are greater than or equal to the sizes of outputs.

How to fix Heap-based Buffer Overflow?

Upgrade tensorflow to version 2.8.4, 2.9.3, 2.10.1 or higher.

[,2.8.4) [2.9.0,2.9.3) [2.10.0,2.10.1)
  • H
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to another discovered instance of CVE-2022-35935 in SobolSample via assumed scalar inputs.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.8.4, 2.9.3, 2.10.1 or higher.

[,2.8.4) [2.9.0,2.9.3) [2.10.0,2.10.1)
  • H
Out-of-bounds Write

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-bounds Write via the MakeGrapplerFunctionItem function, if the inputs given are greater than or equal to the sizes of the outputs.

How to fix Out-of-bounds Write?

Upgrade tensorflow to version 2.8.4, 2.9.3, 2.10.1 or higher.

[,2.8.4) [2.9.0,2.9.3) [2.10.0,2.10.1)
  • M
Out-of-Bounds

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-Bounds in DynamicStitch due to missing validation when it receives a differing number of inputs, such as when it is called with an indices size 1 and a data size 2.

How to fix Out-of-Bounds?

Upgrade tensorflow to version 2.10.1, 2.11.0 or higher.

[,2.10.1) [2.11.0rc0,2.11.0)
  • L
Always-Incorrect Control Flow Implementation

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation when a numpy array is created with a shape such that one element is zero and the sum of others is a large number.

How to fix Always-Incorrect Control Flow Implementation?

Upgrade tensorflow to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.

[,2.8.4) [2.9.0,2.9.3) [2.10.0,2.10.1) [2.11.0rc0,2.11.0)
  • L
Buffer Overflow

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Buffer Overflow via tf.raw_ops.ImageProjectiveTransformV2 when a large output shape is given.

How to fix Buffer Overflow?

Upgrade tensorflow to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.

[,2.8.4) [2.9.0,2.9.3) [2.10.0,2.10.1) [2.11.0rc0,2.11.0)
  • M
Incorrect Calculation of Buffer Size

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Incorrect Calculation of Buffer Size via tf.keras.losses.poisson which receives a y_pred and y_true that are passed through functor::mul in BinaryOp. If the resulting dimensions overflow an int32, TensorFlow will crash due to a size mismatch during broadcast assignment.

How to fix Incorrect Calculation of Buffer Size?

Upgrade tensorflow to version 2.9.3, 2.10.1, 2.11.0 or higher.

[,2.9.3) [2.10.0,2.10.1) [2.11.0rc0,2.11.0)
  • M
Out-of-bounds Read

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-bounds Read when the BaseCandidateSamplerOp function receives a value in true_classes larger than range_max.

How to fix Out-of-bounds Read?

Upgrade tensorflow to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.

[,2.8.4) [2.9.0,2.9.3) [2.10.0,2.10.1) [2.11.0rc0,2.11.0)
  • L
Buffer Overflow

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Buffer Overflow via tf.raw_ops.FusedResizeAndPadConv2D when a large tensor shape is given.

How to fix Buffer Overflow?

Upgrade tensorflow to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.

[,2.8.4) [2.9.0,2.9.3) [2.10.0,2.10.1) [2.11.0rc0,2.11.0)
  • L
Incorrect Calculation of Buffer Size

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Incorrect Calculation of Buffer Size when tf.raw_ops.ResizeNearestNeighborGrad is given a large size input.

How to fix Incorrect Calculation of Buffer Size?

Upgrade tensorflow to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.

[,2.8.4) [2.9.0,2.9.3) [2.10.0,2.10.1) [2.11.0rc0,2.11.0)
  • L
Improper Input Validation

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Improper Input Validation due to a missing check of tf.image.generate_bounding_box_proposals that receives a scores input that must be of rank 4 when running on GPU.

How to fix Improper Input Validation?

Upgrade tensorflow to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.

[,2.8.4) [2.9.0,2.9.3) [2.10.0,2.10.1) [2.11.0rc0,2.11.0)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) because the conversion from char to bool is undefined if the char is not 0 or 1. This can happen when printing a tensor: the data is obtained as a const char* array and then cast to the element type.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.

[,2.8.4) [2.9.0,2.9.3) [2.10.0,2.10.1) [2.11.0rc0,2.11.0)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when ThreadUnsafeUnigramCandidateSampler is given input filterbank_channel_count greater than the allowed max size.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.

[,2.8.4) [2.9.0,2.9.3) [2.10.0,2.10.1) [2.11.0rc0,2.11.0)
  • L
Reachable Assertion

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Reachable Assertion when tf.raw_ops.TensorListResize is given a non-scalar value for the input size. This results in a CHECK failure that can be used to trigger a denial of service.

How to fix Reachable Assertion?

Upgrade tensorflow to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.

[,2.8.4) [2.9.0,2.9.3) [2.10.0,2.10.1) [2.11.0rc0,2.11.0)
  • L
Out-of-bounds Read

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-bounds Read if MirrorPadGrad is given oversized input paddings.

How to fix Out-of-bounds Read?

Upgrade tensorflow to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.

[,2.8.4) [2.9.0,2.9.3) [2.10.0,2.10.1) [2.11.0rc0,2.11.0)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when FractionalMaxPoolGrad is given oversized row_pooling_sequence and col_pooling_sequence inputs.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.

[,2.8.4) [2.9.0,2.9.3) [2.10.0,2.10.1) [2.11.0rc0,2.11.0)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when tf.raw_ops.TensorListConcat is given element_shape=[].

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.

[,2.8.4) [2.9.0,2.9.3) [2.10.0,2.10.1) [2.11.0rc0,2.11.0)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when BCast::ToShape is given an input larger than an int32, even though it is supposed to handle values up to int64.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.

[,2.8.4) [2.9.0,2.9.3) [2.10.0,2.10.1) [2.11.0rc0,2.11.0)
  • L
NULL Pointer Dereference

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference because the pywrap code fails to parse the tensor and returns a nullptr if a list of quantized tensors is assigned to an attribute.

How to fix NULL Pointer Dereference?

Upgrade tensorflow to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.

[,2.8.4) [2.9.0,2.9.3) [2.10.0,2.10.1) [2.11.0rc0,2.11.0)
  • M
Buffer Overflow

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Buffer Overflow. The reference kernel of the CONV_3D_TRANSPOSE TensorFlow Lite operator wrongly increments data_ptr when adding the bias to the result: instead of data_ptr += num_channels; it should be data_ptr += output_num_channels;. If the number of input channels differs from the number of output channels, the wrong result is returned, and if num_channels > output_num_channels the pointer runs past the end of the output buffer. An attacker can craft a model with a specific number of input channels and then write specific values, through the bias of the layer, outside the bounds of the buffer.

Note: This attack only works if the reference kernel resolver is used in the interpreter.

How to fix Buffer Overflow?

Upgrade tensorflow to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.

[,2.8.4) [2.9.0,2.9.3) [2.10.0,2.10.1) [2.11.0rc0,2.11.0)
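To make the stride bug above concrete, the following Python model of the bias-add loop is an added example, not the TFLite kernel and not code from the Snyk page or the TensorFlow project. It walks a flat output buffer position by position, adds one bias value per output channel, then advances the pointer by a stride; the vulnerable variant uses the input channel count (the page's `data_ptr += num_channels`) and the fixed variant uses the output channel count. Out-of-bounds writes are recorded instead of performed, so the result shows both the wrong output and exactly which offsets, and which attacker-controlled bias values, a real kernel would have written past the buffer. The sample shapes and bias values are constructed for the example.

```python
from typing import List, Tuple

OobWrite = Tuple[int, float]  # (offset past the buffer, value that would be written)


def add_bias(out: List[float], bias: List[float], output_num_channels: int,
             stride: int) -> Tuple[List[float], List[OobWrite]]:
    """Model of the per-position bias add that follows CONV_3D_TRANSPOSE.

    `out` is the flat output buffer (positions * output_num_channels floats),
    `bias` holds one value per output channel, and `stride` is how far the
    data pointer advances after each position. Indices beyond `out` are
    collected rather than written; a C kernel would write them unchecked.
    """
    out = list(out)
    positions = len(out) // output_num_channels
    oob: List[OobWrite] = []
    ptr = 0
    for _ in range(positions):
        for c in range(output_num_channels):
            idx = ptr + c
            if idx < len(out):
                out[idx] += bias[c]
            else:
                oob.append((idx, bias[c]))  # value comes straight from the model file
        ptr += stride
    return out, oob


def bias_add_vulnerable(out: List[float], bias: List[float],
                        output_num_channels: int, input_num_channels: int):
    """The bug described on the page: data_ptr += num_channels (input channels)."""
    return add_bias(out, bias, output_num_channels, stride=input_num_channels)


def bias_add_fixed(out: List[float], bias: List[float], output_num_channels: int):
    """The corrected stride: data_ptr += output_num_channels."""
    return add_bias(out, bias, output_num_channels, stride=output_num_channels)


if __name__ == "__main__":
    # Constructed sample: 4 output positions, 2 output channels, 3 input channels.
    out_buf = [0.0] * (4 * 2)
    bias_vals = [1.0, 10.0]
    vuln_out, vuln_oob = bias_add_vulnerable(out_buf, bias_vals, 2, 3)
    good_out, good_oob = bias_add_fixed(out_buf, bias_vals, 2)
    print("vulnerable:", vuln_out, "out-of-bounds writes:", vuln_oob)
    print("fixed:     ", good_out, "out-of-bounds writes:", good_oob)
```

With more input channels than output channels the buggy stride skips every third float, so some positions never receive their bias (the wrong result) and the last positions land past the buffer (the overflow); with equal channel counts the two strides coincide and nothing is written out of bounds, which is why the attacker has to choose the channel counts in the crafted model.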
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when an input encoded is not a valid CompositeTensorVariant tensor. This will trigger a segfault in tf.raw_ops.CompositeTensorVariantToComponents.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.

[,2.8.4) [2.9.0,2.9.3) [2.10.0,2.10.1) [2.11.0rc0,2.11.0)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS): an input token that is not a UTF-8 bytestring triggers a CHECK failure in tf.raw_ops.PyFunc.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.

[,2.8.4) [2.9.0,2.9.3) [2.10.0,2.10.1) [2.11.0rc0,2.11.0)
  • H
Out-of-bounds Write

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-bounds Write in FractionalMaxPool and FractionalAvgPool with an illegal pooling_ratio. Attackers can access heap memory that is not under the user's control, leading to a crash or remote code execution.

How to fix Out-of-bounds Write?

Upgrade tensorflow to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.

[,2.8.4) [2.9.0,2.9.3) [2.10.0,2.10.1) [2.11.0rc0,2.11.0)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when SparseFillEmptyRowsGrad is given empty inputs.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.

[,2.8.4) [2.9.0,2.9.3) [2.10.0,2.10.1) [2.11.0rc0,2.11.0)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when the input sparse_matrix is not a matrix with a shape of rank 0, which triggers a CHECK failure in tf.raw_ops.SparseMatrixNNZ.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.

[,2.8.4) [2.9.0,2.9.3) [2.10.0,2.10.1) [2.11.0rc0,2.11.0)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS): if the inputs dense_features or example_state_data are not of rank 2, a CHECK failure is triggered in SdcaOptimizer.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.

[,2.8.4) [2.9.0,2.9.3) [2.10.0,2.10.1) [2.11.0rc0,2.11.0)
  • H
Out-of-bounds Read

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-bounds Read via the GatherNd function, when the given inputs to the function are greater than or equal to the sizes of the outputs.

How to fix Out-of-bounds Read?

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

[,2.7.2) [2.8.0,2.8.1) [2.9.0,2.9.1)
  • M
NULL Pointer Dereference

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference when mlir::tfg::ConvertGenericFunctionToFunctionDef is given empty function attributes.

How to fix NULL Pointer Dereference?

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

[,2.7.2) [2.8.0,2.8.1) [2.9.0,2.9.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS): when FakeQuantWithMinMaxVarsPerChannel is given min or max tensors of a rank other than one, it hits a CHECK failure that can be used to trigger a denial of service.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

[,2.7.2) [2.8.0,2.8.1) [2.9.0,2.9.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when mlir::tfg::GraphDefImporter::ConvertNodeDef tries to convert NodeDefs without an op name.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

[,2.7.2) [2.8.0,2.8.1) [2.9.0,2.9.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS): when RandomPoissonV2 receives large input shapes and rates, it hits a CHECK failure that can be used to trigger a denial of service.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

[,2.7.2) [2.8.0,2.8.1) [2.9.0,2.9.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS): when tf.sparse.cross receives a separator input that is not a scalar, it hits a CHECK failure that can be used to trigger a denial of service.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

[,2.7.2) [2.8.0,2.8.1) [2.9.0,2.9.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when Conv2DBackpropInput receives empty out_backprop inputs (e.g. [3, 1, 0, 1]).

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

[,2.7.2) [2.8.0,2.8.1) [2.9.0,2.9.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS): when AudioSummaryV2 receives a sample_rate input with more than one element, it hits a CHECK failure that can be used to trigger a denial of service.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

[,2.7.2) [2.8.0,2.8.1) [2.9.0,2.9.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when tensorflow::full_type::SubstituteFromAttrs receives a FullTypeDef& t that does not have exactly three args.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

[,2.7.2) [2.8.0,2.8.1) [2.9.0,2.9.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS): when tf.quantization.fake_quant_with_min_max_vars_gradient receives a non-scalar min or max input, it hits a CHECK failure that can be used to trigger a denial of service.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

[,2.7.2) [2.8.0,2.8.1) [2.9.0,2.9.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS): when QuantizeAndDequantizeV3 is given a non-scalar num_bits input tensor, it hits a CHECK failure that can be used to trigger a denial of service.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

[,2.7.2) [2.8.0,2.8.1) [2.9.0,2.9.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) in tf.reshape due to a CHECK-failure caused by overflowing the number of elements in a tensor.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

[,2.7.2) [2.8.0,2.8.1) [2.9.0,2.9.1)
  • H
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when tf.random.gamma receives large input shapes and rates.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

[,2.7.2) [2.8.0,2.8.1) [2.9.0,2.9.1)
  • H
Out-of-bounds Write

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-bounds Write via the scatter_nd function in TF Lite, when an input index is greater than the output tensor size or less than zero.

How to fix Out-of-bounds Write?

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

[,2.7.2) [2.8.0,2.8.1) [2.9.0,2.9.1)
  • H
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) via CHECK-failure caused by assuming input(0), input(1), and input(2) to be scalar.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

[,2.7.2) [2.8.0,2.8.1) [2.9.0,2.9.1)
  • H
Out-of-bounds Read

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-bounds Read. The GatherNd function takes arguments that determine the sizes of its inputs and outputs; if the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds read is triggered.

How to fix Out-of-bounds Read?

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

[,2.7.2) [2.8.0,2.8.1) [2.9.0,2.9.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS): the AvgPoolOp function takes a ksize argument that must be positive but is not checked. A negative ksize triggers a CHECK failure and crashes the program.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

[,2.7.2) [2.8.0,2.8.1) [2.9.0,2.9.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS): when RaggedTensorToVariant is given an rt_nested_splits list that contains tensors of ranks other than one, it hits a CHECK failure that can be used to trigger a denial of service.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

[,2.7.2) [2.8.0,2.8.1) [2.9.0,2.9.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS): DenseBincount assumes its weights input tensor either has the same shape as its input tensor or is of length 0. A different weights shape triggers a CHECK failure that can be used to trigger a denial of service.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

[,2.7.2) [2.8.0,2.8.1) [2.9.0,2.9.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS): when SparseBincount is given indices, values and dense_shape inputs that do not form a valid sparse tensor, it segfaults, which can be used to trigger a denial of service.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

[,2.7.2) [2.8.0,2.8.1) [2.9.0,2.9.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when LRNGrad is given an output_image input tensor that is not 4-D.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

[,2.7.2) [2.8.0,2.8.1) [2.9.0,2.9.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS): the FractionalMaxPoolGrad function validates its inputs with CHECK failures instead of returning errors. If it receives incorrectly sized inputs, the CHECK failure can be used to trigger a denial of service.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

[,2.7.2) [2.8.0,2.8.1) [2.9.0,2.9.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS): when Save or SaveSlices is run over tensors of an unsupported dtype, it hits a CHECK failure that can be used to trigger a denial of service.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

[,2.7.2) [2.8.0,2.8.1) [2.9.0,2.9.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS): when tf.linalg.matrix_rank receives an empty input a, the GPU kernel hits a CHECK failure that can be used to trigger a denial of service.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

[,2.7.2) [2.8.0,2.8.1) [2.9.0,2.9.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS): when tf.quantization.fake_quant_with_min_max_vars_per_channel_gradient receives a min or max input of rank other than 1, it hits a CHECK failure that can be used to trigger a denial of service.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

[,2.7.2) [2.8.0,2.8.1) [2.9.0,2.9.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS): when QuantizedRelu or QuantizedRelu6 is given non-scalar inputs for min_features or max_features, it segfaults, which can be used to trigger a denial of service.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

[,2.7.2) [2.8.0,2.8.1) [2.9.0,2.9.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) because the implementation of Conv2DBackpropInput requires input_sizes to be 4-dimensional; otherwise, it gives a CHECK failure which can be used to trigger exploitation.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

[,2.7.2) [2.8.0,2.8.1) [2.9.0,2.9.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when MaxPool receives a window size input array ksize with dimensions greater than its input tensor input, the GPU kernel gives a CHECK fail that can be used to trigger exploitation.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

[,2.7.2) [2.8.0,2.8.1) [2.9.0,2.9.1)
  • M
Improper Input Validation

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Improper Input Validation due to improper validation of orig_input_shape in AvgPoolGrad.

How to fix Improper Input Validation?

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

[,2.7.2) [2.8.0,2.8.1) [2.9.0,2.9.1)
  • M
NULL Pointer Dereference

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference when LowerBound or UpperBound is given an empty sorted_inputs input.

How to fix NULL Pointer Dereference?

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

[,2.7.2) [2.8.0,2.8.1) [2.9.0,2.9.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) because ParameterizedTruncatedNormal assumes shape is of type int32; a valid shape of type int64 results in a mismatched-type CHECK fail that can be used to trigger exploitation.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

[,2.7.2) [2.8.0,2.8.1) [2.9.0,2.9.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when QuantizeDownAndShrinkRange is given nonscalar inputs for input_min or input_max, which results in a segfault that can be used to trigger exploitation.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

[,2.7.2) [2.8.0,2.8.1) [2.9.0,2.9.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when RaggedBincount is given an empty input tensor splits, which results in a segfault that can be used to trigger exploitation.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

[,2.7.2) [2.8.0,2.8.1) [2.9.0,2.9.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when TensorListScatter and TensorListScatterV2 receive an element_shape of a rank greater than one, which gives a CHECK fail that can trigger exploitation.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

[,2.7.2) [2.8.0,2.8.1) [2.9.0,2.9.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when TensorListFromTensor receives an element_shape of a rank greater than one.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

[,2.7.2) [2.8.0,2.8.1) [2.9.0,2.9.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when the FakeQuantWithMinMaxVars function is given min or max tensors of a nonzero rank.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

[,2.7.2) [2.8.0,2.8.1) [2.9.0,2.9.1)
  • M
Integer Overflow or Wraparound

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Integer Overflow or Wraparound. The RaggedRangeOp function takes an argument limits that is eventually used to construct a TensorShape as an int64. If limits is a very large float, it can overflow when converted to an int64. This triggers an InvalidArgument but also throws an abort signal that crashes the program.

How to fix Integer Overflow or Wraparound?

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

[,2.7.2) [2.8.0,2.8.1) [2.9.0,2.9.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when QuantizedInstanceNorm is given x_min or x_max tensors of a nonzero rank.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

[,2.7.2) [2.8.0,2.8.1) [2.9.0,2.9.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when CollectiveGather receives a scalar input tensor, which results in a CHECK failure.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

[,2.7.2) [2.8.0,2.8.1) [2.9.0,2.9.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when Unbatch receives a nonscalar input id, which results in a CHECK fail.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

[,2.7.2) [2.8.0,2.8.1) [2.9.0,2.9.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when QuantizedAdd is given min_input or max_input tensors of a nonzero rank.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

[,2.7.2) [2.8.0,2.8.1) [2.9.0,2.9.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper input validation of orig_input_tensor_shape in FractionalAvgPoolGrad.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

[,2.7.2) [2.8.0,2.8.1) [2.9.0,2.9.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper input validation of orig_input_shape in AvgPool3DGradOp.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

[,2.7.2) [2.8.0,2.8.1) [2.9.0,2.9.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when QuantizedMatMul is given nonscalar input for min_a, max_a, min_b, and max_b.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

[,2.7.2) [2.8.0,2.8.1) [2.9.0,2.9.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when QuantizedAvgPool is given min_input or max_input tensors of a nonzero rank.

# Reproducer given in this entry: min_input and max_input are rank-1 tensors rather than
# the scalars the kernel assumes. On affected versions this segfaults the process instead
# of returning an InvalidArgument error.
import tensorflow as tf

ksize = [1, 2, 2, 1]
strides = [1, 2, 2, 1]
padding = "SAME"
input = tf.constant(1, shape=[1,4,4,2], dtype=tf.quint8)
min_input = tf.constant([], shape=[0], dtype=tf.float32)   # rank 1 with zero elements, not a scalar
max_input = tf.constant(0, shape=[1], dtype=tf.float32)    # rank 1 with one element, not a scalar either
tf.raw_ops.QuantizedAvgPool(input=input, min_input=min_input, max_input=max_input, ksize=ksize, strides=strides, padding=padding)

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

[,2.7.2) [2.8.0,2.8.1) [2.9.0,2.9.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when a nonscalar id is provided to the UnbatchGradOp function, and batch_index is incorrect.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

[,2.7.2) [2.8.0,2.8.1) [2.9.0,2.9.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper input validation in BlockLSTMGradV2.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

[,2.7.2) [2.8.0,2.8.1) [2.9.0,2.9.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when QuantizedBiasAdd is given min_input, max_input, min_bias or max_bias tensors of a nonzero rank, which results in a segfault.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

[,2.7.2) [2.8.0,2.8.1) [2.9.0,2.9.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to a CHECK failure in TensorListReserve caused by missing validation. If num_elements is provided with more than one element, tf.raw_ops.TensorListReserve fails the CHECK_EQ in CheckIsAlignedAndSingleElement.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

[,2.7.2) [2.8.0,2.8.1) [2.9.0,2.9.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to a CHECK fail in SetSize, when SetSize receives an input set_shape that is not a 1D tensor.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

[,2.7.2) [2.8.0,2.8.1) [2.9.0,2.9.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to a CHECK fail in EmptyTensorList when it receives an input element_shape with more than one dimension.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

[,2.7.2) [2.8.0,2.8.1) [2.9.0,2.9.1)
  • M
NULL Pointer Dereference

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference when Eig is fed an incorrect Tout, resulting in a CHECK fail that can trigger a denial of service attack.

How to fix NULL Pointer Dereference?

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

[,2.7.2) [2.8.0,2.8.1) [2.9.0,2.9.1)
  • M
Improper Input Validation

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Improper Input Validation: when converting transposed convolutions that use per-channel weight quantization, the converter segfaults and crashes the Python process.

How to fix Improper Input Validation?

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

[,2.7.2) [2.8.0,2.8.1) [2.9.0,2.9.1)
  • M
NULL Pointer Dereference

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference through mlir::tfg::TFOp::nameAttr, when it receives null type list attributes.

How to fix NULL Pointer Dereference?

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

[,2.7.2) [2.8.0,2.8.1) [2.9.0,2.9.1)
  • M
Improper Input Validation

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Improper Input Validation when Requantize is given input_min, input_max, requested_output_min or requested_output_max tensors of a nonzero rank, which results in a segfault that can be used to trigger a denial of service attack.

How to fix Improper Input Validation?

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

[,2.7.2) [2.8.0,2.8.1) [2.9.0,2.9.1)
  • M
Division by zero

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Division by zero: when Conv2D is given an empty input while the filter and padding sizes are valid, the output is all-zeros, and this causes a division-by-zero floating-point exception that can be used to trigger a denial of service attack.

How to fix Division by zero?

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

[,2.7.2) [2.8.0,2.8.1) [2.9.0,2.9.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when providing an empty function attributes to mlir::tfg::ConvertGenericFunctionToFunctionDef.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

[,2.7.2) [2.8.0,2.8.1) [2.9.0,2.9.1)
  • L
Integer Overflow or Wraparound

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Integer Overflow or Wraparound when the RangeSize function receives values that do not fit into an int64_t.

How to fix Integer Overflow or Wraparound?

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

[,2.7.2) [2.8.0,2.8.1) [2.9.0,2.9.1)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to a CHECK failure when DrawBoundingBoxes receives an input boxes that are not of dtype float.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

[,2.7.2) [2.8.0,2.8.1) [2.9.0,2.9.1)
  • H
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). The implementation of depthwise ops in TensorFlow is vulnerable to a denial of service via CHECK-failure (assertion failure) caused by overflowing the number of elements in a tensor:

import tensorflow as tf

input = tf.constant(1, shape=[1, 4, 4, 3], dtype=tf.float32)
# filter_sizes is 13 copies of 1879048192 (0x70000000); the product of these dimensions
# overflows the tensor element count, and the resulting CHECK failure aborts the process.
filter_sizes = tf.constant(1879048192, shape=[13], dtype=tf.int32)
out_backprop = tf.constant(1, shape=[1, 4, 4, 3], dtype=tf.float32)
tf.raw_ops.DepthwiseConv2dNativeBackpropFilter(
    input=input, filter_sizes=filter_sizes, out_backprop=out_backprop, strides=[1, 1, 1, 1], padding="SAME")

This is due to an incomplete fix for CVE-2021-41197.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.8.1, 2.7.2, 2.6.4 or higher.

[2.8.0,2.8.1) [2.7.0,2.7.2) [,2.6.4)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) via the implementation of tf.histogram_fixed_width, when the values array contains Not a Number (NaN) elements. The implementation assumes that all floating-point operations are defined and then converts a floating-point result to an integer index. If values contains NaN then the result of the division is still NaN and the cast to int32 would result in a crash.

Note: This only occurs on the CPU implementation.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.6.4, 2.7.2, 2.8.1, 2.9.0 or higher.

[,2.6.4) [2.7.0,2.7.2) [2.8.0,2.8.1) [2.9.0rc0,2.9.0)
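Three of the entries above share one root cause: a numeric input is turned into an integer size or index without first checking that the conversion is defined. RaggedRange casts a float limits to int64, RangeSize computes an element count that can exceed int64, and histogram_fixed_width turns a possibly-NaN value into an int32 bucket index. The functions below are an added illustration, not TensorFlow's kernel code: they follow the documented semantics of tf.range and tf.histogram_fixed_width (values at or below the bottom of the range land in the first bin, values at or above the top in the last) and raise an InvalidArgument error where the affected kernels aborted on a CHECK or performed an undefined cast. The InvalidArgument class and the function names are this example's own.

```python
import math
from typing import List, Sequence, Tuple

INT64_MIN, INT64_MAX = -(1 << 63), (1 << 63) - 1


class InvalidArgument(ValueError):
    """Stand-in for returning an InvalidArgument status instead of CHECK-aborting (example's own)."""


def float_to_int64_checked(x: float) -> int:
    """Convert a float to int64 only when the value is representable.

    The RaggedRange entry casts a float `limits` to int64; for a huge or non-finite float that
    cast is undefined in C++. Reject such values explicitly instead of relying on the cast.
    """
    if not math.isfinite(x):
        raise InvalidArgument(f"value is not finite: {x!r}")
    if not (INT64_MIN <= x <= INT64_MAX):          # Python compares float and int exactly
        raise InvalidArgument(f"value does not fit in int64: {x!r}")
    return int(x)                                   # truncates toward zero, like static_cast


def range_size_checked(start: int, limit: int, delta: int) -> int:
    """Element count of tf.range(start, limit, delta) with the overflow check RangeSize lacked.

    Returns ceil((limit - start) / delta), 0 for an empty range, and raises when delta is 0 or
    when the count cannot be stored in an int64. Python ints do not wrap, so the intermediate
    is exact and the final value can simply be compared against INT64_MAX.
    """
    for name, v in (("start", start), ("limit", limit), ("delta", delta)):
        if not (INT64_MIN <= v <= INT64_MAX):
            raise InvalidArgument(f"{name} does not fit in int64: {v}")
    if delta == 0:
        raise InvalidArgument("delta must not be 0")
    if (delta > 0 and start >= limit) or (delta < 0 and start <= limit):
        return 0
    span, step = abs(limit - start), abs(delta)
    size = (span + step - 1) // step                # ceiling division on positive ints
    if size > INT64_MAX:
        raise InvalidArgument(f"range of {size} elements overflows int64")
    return size


def histogram_fixed_width_checked(values: Sequence[float],
                                  value_range: Tuple[float, float],
                                  nbins: int) -> List[int]:
    """tf.histogram_fixed_width semantics with NaN rejected before it becomes a bucket index."""
    lo, hi = value_range
    if not (math.isfinite(lo) and math.isfinite(hi)) or not lo < hi:
        raise InvalidArgument(f"value_range must be finite and increasing: {value_range!r}")
    if nbins <= 0:
        raise InvalidArgument(f"nbins must be positive: {nbins}")
    counts = [0] * nbins
    width = (hi - lo) / nbins
    for v in values:
        if math.isnan(v):
            raise InvalidArgument("values contains NaN")   # the CPU kernel cast NaN to int32 instead
        if v <= lo:
            idx = 0                                        # below or at the bottom: first bin
        elif v >= hi:
            idx = nbins - 1                                # at or above the top: last bin
        else:
            idx = min(int((v - lo) / width), nbins - 1)    # guard float rounding at the top edge
        counts[idx] += 1
    return counts


if __name__ == "__main__":
    # Constructed sample inputs; the last two calls show the rejected cases.
    print(range_size_checked(0, 10, 3))                                        # 4 elements: 0, 3, 6, 9
    print(histogram_fixed_width_checked([-5.0, 0.0, 1.5, 2.0, 5.0, 15.0], (0.0, 5.0), 5))
    for bad in ((lambda: float_to_int64_checked(1e19)),
                (lambda: range_size_checked(INT64_MIN, INT64_MAX, 1))):
        try:
            bad()
        except InvalidArgument as e:
            print("rejected:", e)
```

The point of the shape of these functions is the error path: each check happens before the value reaches arithmetic or indexing, and each failure is an ordinary exception the caller can handle, rather than a process-wide abort that takes down every model served by the same runtime.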
  • M
Improper Input Validation

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Improper Input Validation because the implementation of tf.raw_ops.QuantizedConv2D does not fully validate the input arguments. In this case, references get bound to nullptr for each argument that is empty.

How to fix Improper Input Validation?

Upgrade tensorflow to version 2.6.4, 2.7.2, 2.8.1, 2.9.0 or higher.

[,2.6.4) [2.7.0,2.7.2) [2.8.0,2.8.1) [2.9.0rc0,2.9.0)
  • H
NULL Pointer Dereference

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference when the resource handle is empty.

How to fix NULL Pointer Dereference?

Upgrade tensorflow to version 2.6.4, 2.7.2, 2.8.1, 2.9.0 or higher.

[,2.6.4) [2.7.0,2.7.2) [2.8.0,2.8.1) [2.9.0rc0,2.9.0)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). Certain TFLite models that were created using the TFLite model converter would crash when loaded in the TFLite interpreter. During quantization, the scale of values could be greater than 1 but the code always assumes sub-unit scaling. Thus, since the code was calling QuantizeMultiplierSmallerThanOneExp, the TFLITE_CHECK_LT assertion would trigger and abort the process.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.6.4, 2.7.2, 2.8.1, 2.9.0 or higher.

[,2.6.4) [2.7.0,2.7.2) [2.8.0,2.8.1) [2.9.0rc0,2.9.0)
  • H
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) because the implementation of tf.raw_ops.StagePeek does not fully validate the input arguments, assuming that the index argument is a scalar when accessing its value.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.6.4, 2.7.2, 2.8.1, 2.9.0 or higher.

[,2.6.4) [2.7.0,2.7.2) [2.8.0,2.8.1) [2.9.0rc0,2.9.0)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). The implementation of tf.raw_ops.UnsortedSegmentJoin does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack. The code assumes num_segments is a positive scalar but there is no validation. Since this value is used to allocate the output tensor, a negative value would result in a CHECK-failure (assertion failure), as per TFSA-2021-198.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.6.4, 2.7.2, 2.8.1, 2.9.0 or higher.

[,2.6.4) [2.7.0,2.7.2) [2.8.0,2.8.1) [2.9.0rc0,2.9.0)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to the implementation of tf.ragged.constant not fully validating the input arguments.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.6.4, 2.7.2, 2.8.1, 2.9.0 or higher.

[,2.6.4) [2.7.0,2.7.2) [2.8.0,2.8.1) [2.9.0rc0,2.9.0)
  • M
Type Confusion

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Type Confusion because the macros used for writing assertions (e.g., CHECK_LT, CHECK_GT, etc.) have incorrect logic when comparing size_t and int values. Due to type conversion rules, several of the macros would be triggered incorrectly.

How to fix Type Confusion?

Upgrade tensorflow to version 2.6.4, 2.7.2, 2.8.1, 2.9.0 or higher.

[,2.6.4) [2.7.0,2.7.2) [2.8.0,2.8.1) [2.9.0rc0,2.9.0)
  • M
NULL Pointer Dereference

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference when calling tf.compat.v1.* ops which don't have support for quantized types.

How to fix NULL Pointer Dereference?

Upgrade tensorflow to version 2.6.4, 2.7.2, 2.8.1, 2.9.0 or higher.

[,2.6.4) [2.7.0,2.7.2) [2.8.0,2.8.1) [2.9.0rc0,2.9.0)
  • M
Integer Overflow or Wraparound

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Integer Overflow or Wraparound due to the improper implementation of tf.raw_ops.SpaceToBatchND which can result in a CHECK-failure.

How to fix Integer Overflow or Wraparound?

Upgrade tensorflow to version 2.6.4, 2.7.2, 2.8.1, 2.9.0 or higher.

[,2.6.4) [2.7.0,2.7.2) [2.8.0,2.8.1) [2.9.0rc0,2.9.0)
  • M
Improper Input Validation

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Improper Input Validation because the implementation of tf.raw_ops.SparseTensorDenseAdd does not fully validate the input arguments. In this case, a reference gets bound to a nullptr during kernel execution which is an undefined behavior.

How to fix Improper Input Validation?

Upgrade tensorflow to version 2.6.4, 2.7.2, 2.8.1, 2.9.0 or higher.

[,2.6.4) [2.7.0,2.7.2) [2.8.0,2.8.1) [2.9.0rc0,2.9.0)
  • H
Out-of-bounds Write

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-bounds Write because the implementation of tf.raw_ops.EditDistance has incomplete validation which allows users to pass negative values for loc.

How to fix Out-of-bounds Write?

Upgrade tensorflow to version 2.6.4, 2.7.2, 2.8.1, 2.9.0 or higher.

[,2.6.4) [2.7.0,2.7.2) [2.8.0,2.8.1) [2.9.0rc0,2.9.0)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper input validation under certain conditions in tf.compat.v1.signal.rfft2d and tf.compat.v1.signal.rfft3d, which results in CHECK failures.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.6.4, 2.7.2, 2.8.1, 2.9.0 or higher.

[,2.6.4) [2.7.0,2.7.2) [2.8.0,2.8.1) [2.9.0rc0,2.9.0)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) where the implementation of tf.raw_ops.DeleteSessionTensor does not fully validate the input arguments.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.6.4, 2.7.2, 2.8.1, 2.9.0 or higher.

[,2.6.4) [2.7.0,2.7.2) [2.8.0,2.8.1) [2.9.0rc0,2.9.0)
  • H
Remote Code Execution (RCE)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Remote Code Execution (RCE) due to an incomplete fix for CVE-2021-41228. Exploiting this vulnerability is possible via the saved_model_cli tool and can be abused to open a reverse shell.

How to fix Remote Code Execution (RCE)?

Upgrade tensorflow to version 2.6.4, 2.7.2, 2.8.1, 2.9.0 or higher.

[,2.6.4) [2.7.0,2.7.2) [2.8.0,2.8.1) [2.9.0rc0,2.9.0)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to the implementation of tf.raw_ops.Conv3DBackpropFilterV2 which does not fully validate that filter_sizes argument is a vector.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.6.4, 2.7.2, 2.8.1, 2.9.0 or higher.

[,2.6.4) [2.7.0,2.7.2) [2.8.0,2.8.1) [2.9.0rc0,2.9.0)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to the implementation of tf.raw_ops.SparseTensorToCSRSparseMatrix which does not fully validate the input arguments. It assumes that dense_shape is a vector and indices is a matrix (as part of requirements for sparse tensors) without validating it.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.6.4, 2.7.2, 2.8.1, 2.9.0 or higher.

[,2.6.4) [2.7.0,2.7.2) [2.8.0,2.8.1) [2.9.0rc0,2.9.0)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to the implementation of tf.raw_ops.UnsortedSegmentJoin which does not fully validate the input arguments, assuming num_segments is a scalar without validating this before accessing its value.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.6.4, 2.7.2, 2.8.1, 2.9.0 or higher.

[,2.6.4) [2.7.0,2.7.2) [2.8.0,2.8.1) [2.9.0rc0,2.9.0)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to the implementation of tf.raw_ops.LoadAndRemapMatrix which does not fully validate the input arguments, assuming initializing_values is a vector without validating it before accessing its value.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.6.4, 2.7.2, 2.8.1, 2.9.0 or higher.

[,2.6.4) [2.7.0,2.7.2) [2.8.0,2.8.1) [2.9.0rc0,2.9.0)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) where the implementation of tf.raw_ops.LSTMBlockCell does not fully validate the input arguments. The code does not validate the ranks of any of the arguments to this API call. This results in CHECK-failures when the elements of the tensor are accessed.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.6.4, 2.7.2, 2.8.1, 2.9.0 or higher.

[,2.6.4) [2.7.0,2.7.2) [2.8.0,2.8.1) [2.9.0rc0,2.9.0)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) where the implementation of tf.raw_ops.TensorSummaryV2 does not fully validate the input arguments.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.6.4, 2.7.2, 2.8.1, 2.9.0 or higher.

[,2.6.4) [2.7.0,2.7.2) [2.8.0,2.8.1) [2.9.0rc0,2.9.0)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) where the implementation of tf.raw_ops.DeleteSessionTensor does not fully validate the input arguments.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.6.4, 2.7.2, 2.8.1, 2.9.0 or higher.

[,2.6.4) [2.7.0,2.7.2) [2.8.0,2.8.1) [2.9.0rc0,2.9.0)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) where the implementation of tf.raw_ops.GetSessionTensor does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.6.4, 2.7.2, 2.8.1, 2.9.0 or higher.

[,2.6.4) [2.7.0,2.7.2) [2.8.0,2.8.1) [2.9.0rc0,2.9.0)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) where the implementation of tf.raw_ops.QuantizeAndDequantizeV4Grad does not fully validate the input arguments, which could result in a CHECK failure.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.6.4, 2.7.2, 2.8.1, 2.9.0 or higher.

[,2.6.4) [2.7.0,2.7.2) [2.8.0,2.8.1) [2.9.0rc0,2.9.0)
  • H
Integer Overflow or Wraparound

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the Grappler component during cost estimation for crop and resize, because these parameters are user-controlled.

How to fix Integer Overflow or Wraparound?

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

[,2.5.3) [2.6.0,2.6.3) [2.7.0,2.7.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) via a CHECK assertion that user-controlled arguments can invalidate. During the decoding of a tensor from a protobuf, the TensorFlow process hits the failed assertion if the tensor has an invalid dtype and 0 elements, or an invalid shape.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

[,2.5.3) [2.6.0,2.6.3) [2.7.0,2.7.1)
  • M
NULL Pointer Dereference

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference via the implementation of GetInitOp. A malicious actor can change the SavedModel protobuf on disk before loading so that the find call used inside GetInitOp returns a nullptr.

How to fix NULL Pointer Dereference?

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

[,2.5.3) [2.6.0,2.6.3) [2.7.0,2.7.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) via a maliciously altered SavedModel such that AttrDef's of some operations are duplicate, causing an assertion failure (CHECK-fail).

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

[,2.5.3) [2.6.0,2.6.3) [2.7.0,2.7.1)
  • H
Out-of-Bound

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-Bound via a typo in TensorFlow's SpecializeType. A nested loop inside a function initializes a pointer to an argument (arg) using the outer loop's index (i) instead of the inner loop's index (j), so arg can be assigned from outside the vector of arguments, resulting in out-of-bounds reads and writes.

How to fix Out-of-Bound?

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

[,2.5.3) [2.6.0,2.6.3) [2.7.0,2.7.1)
  • H
Out-of-bounds Write

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-bounds Write via the set_output() function in the Grappler component, which writes to an array at a specified index, giving the user the ability to write to a specific location in memory.

How to fix Out-of-bounds Write?

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

[,2.5.3) [2.6.0,2.6.3) [2.7.0,2.7.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) via an assertion failure. If some conditions are met, it is possible for a type to fail to specialize during shape inference. A DCHECK is supposed to catch this, but DCHECK is a no-op in production builds and an assertion failure in debug builds: in debug builds the DCHECK itself fires, and in production builds execution continues past it and fails on the erroneous result, so both cases end in an assertion failure.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

[,2.5.3) [2.6.0,2.6.3) [2.7.0,2.7.1)
  • M
NULL Pointer Dereference

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference during the process of decoding a tensor from protobuf. If attributes of some mutable arguments to some operations are missing from the proto a null pointer dereference occurs. This should be taken care of by a DCHECK, however, DCHECK is a no-op in production builds and an assertion failure in debug builds. In the first case execution proceeds to the dereferencing of the null pointer, whereas in the second case it results in a crash due to the assertion failure.

How to fix NULL Pointer Dereference?

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

[,2.5.3) [2.6.0,2.6.3) [2.7.0,2.7.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) via a CHECK assertion invalidation based on user controlled arguments during the decoding of a resource handle tensor from protobuf.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

[,2.5.3) [2.6.0,2.6.3) [2.7.0,2.7.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) via a crafted TFLite model that would trigger a division by zero in the BiasAndClamp function implementation, as the function does not check that one of its arguments, bias_size, is non-zero.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

[,2.5.3) [2.6.0,2.6.3) [2.7.0,2.7.1)
  • H
Integer Overflow or Wraparound

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Integer Overflow or Wraparound via a maliciously crafted TFLite model that causes an integer overflow in the TfLiteIntArrayCreate function. The TfLiteIntArrayGetSizeInBytes function, which TfLiteIntArrayCreate calls, returns an int instead of a size_t, and the user-controlled computed_size variable inside it can overflow the int datatype.

How to fix Integer Overflow or Wraparound?

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

[,2.5.3) [2.6.0,2.6.3) [2.7.0,2.7.1)
  • H
Use of Uninitialized Resource

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Use of Uninitialized Resource: the implementation of AssignOp can copy uninitialized data into a new tensor, leading to undefined behaviour.

How to fix Use of Uninitialized Resource?

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

[,2.5.3) [2.6.0,2.6.3) [2.7.0,2.7.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) via the ImmutableExecutorState::Initialize function implementation, which can result in a memory leak if a graph node is invalid.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

[,2.5.3) [2.6.0,2.6.3) [2.7.0,2.7.1)
  • H
Race Condition

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Race Condition via the tempfile.mktemp function which is used to create temporary files. This is risky, as a different process can create the file after the check for the filename in mktemp, and the actual creation of the file by the next operation (Time of Check/Time of Use).
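
As an added illustration (not part of this advisory and not TensorFlow's code), the following script reproduces the check-then-create gap on a POSIX system and contrasts it with an exclusive create. The attacker hook, the victim file and the tf-* name prefixes are constructed for the demonstration; tempfile.mkstemp is the standard-library replacement that closes the window.

```python
import os
import tempfile


def attacker_plants_symlink(path: str, target: str) -> None:
    """Attacker's move inside the TOCTOU window (constructed for this demo):
    mktemp() has chosen `path` but nothing exists there yet, so a symlink to
    a file the victim can write, but the attacker cannot, is dropped in."""
    os.symlink(target, path)


def exclusive_write(path: str, data: bytes) -> None:
    """Hardened create: O_CREAT|O_EXCL fails with EEXIST if anything, including
    a symlink, already exists at `path`; O_NOFOLLOW is defence in depth. This
    is the primitive tempfile.mkstemp()/NamedTemporaryFile() use internally."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)


def demo() -> dict:
    """Runs the vulnerable and hardened sequences in a scratch directory and
    reports what happened to the victim file."""
    with tempfile.TemporaryDirectory() as tmp:
        victim = os.path.join(tmp, "victim.txt")
        with open(victim, "wb") as fh:
            fh.write(b"original")

        # 1. The vulnerable pattern from the advisory: mktemp() only *checks*
        #    that the name is free; the file is created by a later open().
        name = tempfile.mktemp(prefix="tf-unsafe-", dir=tmp)   # time of check
        attacker_plants_symlink(name, victim)                  # attacker wins the race
        with open(name, "wb") as fh:                           # time of use: follows the symlink
            fh.write(b"attacker-chosen content")
        with open(victim, "rb") as fh:
            clobbered = fh.read() != b"original"

        # 2. Same race, but the creation is exclusive: the planted path is refused.
        name = tempfile.mktemp(prefix="tf-excl-", dir=tmp)
        attacker_plants_symlink(name, victim)
        try:
            exclusive_write(name, b"data")
            refused = False
        except FileExistsError:
            refused = True

        # 3. What to actually call: mkstemp() creates the file atomically with
        #    mode 0600 and returns the open descriptor, so there is no window.
        fd, path = tempfile.mkstemp(prefix="tf-safe-", dir=tmp)
        with os.fdopen(fd, "wb") as fh:
            fh.write(b"data")
        mode_0600 = (os.stat(path).st_mode & 0o777) == 0o600

    return {"victim_clobbered": clobbered,
            "exclusive_refused": refused,
            "mkstemp_mode_0600": mode_0600}


if __name__ == "__main__":
    print(demo())
```

The demo collapses the race into a deterministic sequence by calling the attacker hook between the name selection and the open; in a real race the attacker simply polls the temp directory for the predictable name. Any code that still needs a path rather than a descriptor should use NamedTemporaryFile and pass its .name, never mktemp.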

How to fix Race Condition?

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

[,2.5.3) [2.6.0,2.6.3) [2.7.0,2.7.1)
  • H
Out-of-bounds Write

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-bounds Write via a crafted TFLite model that causes a write outside the bounds of an array in TFLite. It is possible to overwrite the linked list used by the memory allocator.

How to fix Out-of-bounds Write?

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

[,2.5.3) [2.6.0,2.6.3) [2.7.0,2.7.1)
  • H
Integer Overflow

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Integer Overflow. An attacker can craft a TFLite model that would cause this issue, due to the fact that both embedding_size and lookup_size are products of values provided by the user. Therefore, a malicious user could trigger overflows in the multiplication. In certain scenarios, this can then result in heap OOB read/write.

How to fix Integer Overflow?

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

[,2.5.3) [2.6.0,2.6.3) [2.7.0,2.7.1)
  • H
Out-of-Bounds

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-Bounds in TFLite, due to missing validation in the conversion from sparse tensors to dense tensors.

How to fix Out-of-Bounds?

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1, 2.8.0 or higher.

[,2.5.3) [2.6.0,2.6.3) [2.7.0,2.7.1) [2.8.0rc0,2.8.0)
  • H
Integer Overflow

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Integer Overflow in the Range implementation, which can cause OOM and undefined behaviour.

How to fix Integer Overflow?

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1, 2.8.0 or higher.

[,2.5.3) [2.6.0,2.6.3) [2.7.0,2.7.1) [2.8.0rc0,2.8.0)
  • H
Use After Free

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Use After Free in DecodePng kernel. This can happen because the values of decode.width and decode.height are in an unspecified state after png::CommonFreeDecode(&decode) gets called.

How to fix Use After Free?

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

[,2.5.3) [2.6.0,2.6.3) [2.7.0,2.7.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) via invalid PNG images that are put through the decoding process. After calling png::CommonInitDecode(..., &decode), the decode value contains allocated buffers which can only be freed by calling png::CommonFreeDecode(&decode). However, the function implementation invokes the OP_REQUIRES macro which immediately terminates the execution of the function, not allowing the memory to be freed.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

[,2.5.3) [2.6.0,2.6.3) [2.7.0,2.7.1)
  • H
Buffer Overflow

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Buffer Overflow because the runtime assumes that the GraphDef format does not allow recursive functions. A GraphDef containing a crafted fragment with a recursive function can nevertheless be consumed when loading a SavedModel, leading to a stack overflow during execution.

How to fix Buffer Overflow?

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

[,2.5.3) [2.6.0,2.6.3) [2.7.0,2.7.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) by allocating a large vector, based on a value from a tensor controlled by the user during shape inference.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

[,2.5.3) [2.6.0,2.6.3) [2.7.0,2.7.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). This can be caused by altering a SavedModel such that assertions in function.cc would be falsified and crash the Python interpreter.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

[,2.5.3) [2.6.0,2.6.3) [2.7.0,2.7.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) by altering a SavedModel, using the Grappler optimizer, such that SafeToRemoveIdentity would trigger CHECK failures.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

[,2.5.3) [2.6.0,2.6.3) [2.7.0,2.7.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) via an altering of a SavedModel such that TensorByteSize would trigger CHECK failures.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

[,2.5.3) [2.6.0,2.6.3) [2.7.0,2.7.1)
  • M
NULL Pointer Dereference

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference via the Grappler component. This can occur twice for the same malicious alteration of a SavedModel file (fixing the first one would trigger the same dereference in the second place).

How to fix NULL Pointer Dereference?

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

[,2.5.3) [2.6.0,2.6.3) [2.7.0,2.7.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) via the altering of a SavedModel such that any binary op would trigger CHECK failures.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

[,2.5.3) [2.6.0,2.6.3) [2.7.0,2.7.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to a CHECK-fail in the Tensor constructor as reference types are not allowed. A malicious user can cause this by altering a SavedModel such that Grappler optimizer would attempt to build a tensor using a reference dtype.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

[,2.5.3) [2.6.0,2.6.3) [2.7.0,2.7.1)
  • M
Integer Overflow or Wraparound

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the implementation of OpLevelCostEstimator::CalculateTensorSize if an attacker can create an operation that would involve a tensor with a large enough number of elements.

How to fix Integer Overflow or Wraparound?

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

[,2.5.3) [2.6.0,2.6.3) [2.7.0,2.7.1)
  • M
NULL Pointer Dereference

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference when an XLA compilation cache is built (BuildXlaCompilationCache) with default settings.

How to fix NULL Pointer Dereference?

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1, 2.8.0 or higher.

[,2.5.3) [2.6.0,2.6.3) [2.7.0,2.7.1) [2.8.0rc0,2.8.0)
  • H
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) by altering a SavedModel such that IsSimplifiableReshape would trigger CHECK failures.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

[,2.5.3) [2.6.0,2.6.3) [2.7.0,2.7.1)
  • H
Integer overflow

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Integer overflow in OpLevelCostEstimator::CalculateOutputSize, where an attacker can create an operation which would involve tensors with large enough number of elements.

How to fix Integer overflow?

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

[,2.5.3) [2.6.0,2.6.3) [2.7.0,2.7.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to integer overflow in StringNGrams.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

[,2.5.3) [2.6.0,2.6.3) [2.7.0,2.7.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) in ThreadPoolHandle.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

[,2.5.3) [2.6.0,2.6.3) [2.7.0,2.7.1)
  • H
Buffer Overflow

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Buffer Overflow in shape inference for Dequantize.

How to fix Buffer Overflow?

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

[,2.5.3) [2.6.0,2.6.3) [2.7.0,2.7.1)
  • H
Out-of-Bounds

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-Bounds access because the implementation of Dequantize does not fully validate the value of axis.

How to fix Out-of-Bounds?

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

[,2.5.3) [2.6.0,2.6.3) [2.7.0,2.7.1)
  • H
Out-of-Bounds

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-Bounds access in FractionalAvgPoolGrad, which does not handle cases where the input tensors are invalid.

How to fix Out-of-Bounds?

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

[,2.5.3) [2.6.0,2.6.3) [2.7.0,2.7.1)
  • M
Integer Overflow

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Integer Overflow in AddManySparseToTensorsMap which results in a CHECK-fail when building new TensorShape objects.

How to fix Integer Overflow?

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

[,2.5.3) [2.6.0,2.6.3) [2.7.0,2.7.1)
  • M
Integer Overflow

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Integer Overflow in sparse component-wise ops implementation. This can be used to trigger large allocations or CHECK-fails when building new TensorShape object.

How to fix Integer Overflow?

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

[,2.5.3) [2.6.0,2.6.3) [2.7.0,2.7.1)
  • H
Improper Input Validation

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Improper Input Validation in SparseTensorSliceDataset which can dereference a nullptr value.

How to fix Improper Input Validation?

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

[,2.5.3) [2.6.0,2.6.3) [2.7.0,2.7.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) via the implementation of AddManySparseToTensorsMap, which is vulnerable to an integer overflow that results in a CHECK-fail when building new TensorShape objects (an assertion-failure based denial of service). Validation of the shapes of the input tensors is missing, and a large TensorShape is constructed directly from user-provided dimensions.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

[,2.5.3) [2.6.0,2.6.3) [2.7.0,2.7.1)
  • M
Type Confusion

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Type Confusion in shape inference for ConcatV2.

How to fix Type Confusion?

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

[,2.5.3) [2.6.0,2.6.3) [2.7.0,2.7.1)
  • M
Integer Overflow or Wraparound

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the implementation of the UnravelIndex() function, where the overflow results in a division by zero.

How to fix Integer Overflow or Wraparound?

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

[,2.5.3) [2.6.0,2.6.3) [2.7.0,2.7.1)
  • M
Division by zero

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Division by zero when executing convolution operators.

How to fix Division by zero?

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

[,2.5.3) [2.6.0,2.6.3) [2.7.0,2.7.1)
  • H
Out-of-bounds Read

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-bounds Read because the shape inference implementation for ReverseSequence does not fully validate the value of batch_dim.

How to fix Out-of-bounds Read?

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

[,2.5.3) [2.6.0,2.6.3) [2.7.0,2.7.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) via the implementation of the FractionalMaxPool() function, which can be made to crash a TensorFlow process via a division by 0.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

[,2.5.3) [2.6.0,2.6.3) [2.7.0,2.7.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) via the implementation of the MapStage function, which CHECK-fails if the key tensor is not a scalar.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

[,2.5.3) [2.6.0,2.6.3) [2.7.0,2.7.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) via the implementation of the SparseCountSparseOutput() function, which can be made to crash a TensorFlow process through an integer overflow whose result is then used in a memory allocation.

### PoC

import tensorflow as tf

# dense_shape multiplies out to 2**31 * 2**32 == 2**63, which does not fit in
# a signed 64-bit element count; the wrapped value is what reaches the allocator.
tf.raw_ops.SparseCountSparseOutput(
  indices=[[1,1]],
  values=[2],
  dense_shape=[2 ** 31, 2 ** 32],
  weights=[1],
  binary_output=True,
  minlength=-1,
  maxlength=-1,
  name=None)
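
The PoC above works because 2**31 * 2**32 is exactly 2**63, one past the largest signed 64-bit value, so the element count wraps before it reaches the allocator. The same bug class underlies the TfLiteIntArrayCreate entry earlier on this page, where a 32-bit int size computation wraps. The following added example (not TensorFlow code) models the unchecked two's-complement multiplication beside the overflow-checked version a kernel should use; the TfLiteIntArray layout of one int header followed by `size` ints is an assumption made for the demo.

```python
class ShapeOverflow(ValueError):
    """Raised when a dimension is negative or a product exceeds the integer width."""


def to_signed(value: int, bits: int) -> int:
    """Reduce an unbounded Python int to a two's-complement signed integer of
    `bits` width, i.e. what an unchecked C/C++ multiplication actually stores."""
    mask = (1 << bits) - 1
    value &= mask
    return value - (1 << bits) if value >> (bits - 1) else value


def wrapped_num_elements(dims, bits: int = 64) -> int:
    """Unchecked element count: each partial product silently wraps."""
    total = 1
    for d in dims:
        total = to_signed(total * d, bits)
    return total


def checked_num_elements(dims, bits: int = 64) -> int:
    """Element count with the validation the advisories call for: reject
    negative dimensions and stop before any partial product can exceed the
    largest signed value of the target width. A zero dimension yields 0."""
    limit = (1 << (bits - 1)) - 1
    total = 1
    for i, d in enumerate(dims):
        if d < 0:
            raise ShapeOverflow(f"dimension {i} is negative: {d}")
        if d and total > limit // d:
            raise ShapeOverflow(f"product overflows int{bits} at dimension {i}")
        total *= d
    return total


# Assumed layout for the TFLite case: an int `size` header followed by `size` ints.
INT_BYTES = 4


def tflite_int_array_bytes(size: int, checked: bool) -> int:
    """Byte count for a TfLiteIntArray-like struct computed in a 32-bit int, as
    the page says TfLiteIntArrayGetSizeInBytes did, or with overflow checks."""
    dims = [size, INT_BYTES]                      # `size` ints of INT_BYTES each
    if checked:
        limit = (1 << 31) - 1
        payload = checked_num_elements(dims, bits=32)
        if payload > limit - INT_BYTES:
            raise ShapeOverflow("header plus payload overflows int32")
        return INT_BYTES + payload
    return to_signed(INT_BYTES + wrapped_num_elements(dims, bits=32), 32)


if __name__ == "__main__":
    poc_shape = [2 ** 31, 2 ** 32]                # dense_shape from the PoC above
    print("wrapped int64 count:", wrapped_num_elements(poc_shape))
    try:
        checked_num_elements(poc_shape)
    except ShapeOverflow as err:
        print("checked int64 count:", err)
    print("TFLite array of 2**30 ints, unchecked byte size:",
          tflite_int_array_bytes(2 ** 30, checked=False))
    try:
        tflite_int_array_bytes(2 ** 30, checked=True)
    except ShapeOverflow as err:
        print("TFLite array of 2**30 ints, checked:", err)
```

The unchecked TFLite size for 2**30 ints comes out as 4 bytes, which is the kind of undersized allocation that turns a later fill of the array into a heap overflow. The check `total > limit // d` is the division-based form of overflow detection, chosen because it never needs an intermediate wider than the target type.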

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

[,2.5.3) [2.6.0,2.6.3) [2.7.0,2.7.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) via CHECK-fails (i.e., assertion failures) when building invalid/overflowing tensor shapes, similar to CVE-2021-41197.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

[,2.5.3) [2.6.0,2.6.3) [2.7.0,2.7.1)
  • M
NULL Pointer Dereference

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference via the implementation of the QuantizedMaxPool() function, which has an undefined behavior where user-controlled inputs can trigger a reference binding to a null pointer.

### PoC

import tensorflow as tf

# min_input is a zero-element tensor: the kernel binds a reference to its
# first element, which is a null pointer (undefined behaviour).
tf.raw_ops.QuantizedMaxPool(
    input = tf.constant([[[[4]]]], dtype=tf.quint8),
    min_input = [],
    max_input = [1],
    ksize = [1, 1, 1, 1],
    strides = [1, 1, 1, 1],
    padding = "SAME", name=None
)

How to fix NULL Pointer Dereference?

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

[,2.5.3) [2.6.0,2.6.3) [2.7.0,2.7.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) via the implementation of *Bincount() functions. A malicious actor can take advantage of several conditions that inputs must satisfy but are not being checked - by passing in arguments that would trigger a CHECK-fail.

### PoC

import tensorflow as tf

# size is passed as a one-element vector rather than the scalar the op expects,
# one of the unchecked input conditions; the resulting CHECK-fail aborts the process.
tf.raw_ops.DenseBincount(
  input=[[0], [1], [2]],
  size=[1],
  weights=[3,2,1],
  binary_output=False)

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

[,2.5.3) [2.6.0,2.6.3) [2.7.0,2.7.1)
  • H
Heap-based Buffer Overflow

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the implementation of SparseCountSparseOutput.

### PoC

import tensorflow as tf

# indices contains negative coordinates for a 1x1 dense shape; without bounds
# validation they address memory before the start of the output buffer.
tf.raw_ops.SparseCountSparseOutput(
  indices=[[-1,-1]],
  values=[2],
  dense_shape=[1, 1],
  weights=[1],
  binary_output=True,
  minlength=-1,
  maxlength=-1,
  name=None)

How to fix Heap-based Buffer Overflow?

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

[,2.5.3) [2.6.0,2.6.3) [2.7.0,2.7.1)
  • M
Division by zero

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Division by zero via a specially crafted TFLite model that would trigger the division in the implementation of depthwise convolutions. The parameters of the convolution can be user-controlled and are also used within a division operation to determine the size of the padding that needs to be added before applying the convolution. There is no check before this division that the divisor is strictly positive.

How to fix Division by zero?

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

[,2.5.3) [2.6.0,2.6.3) [2.7.0,2.7.1)
  • H
Access of Uninitialized Pointer

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Access of Uninitialized Pointer due to binding a reference to nullptr.

How to fix Access of Uninitialized Pointer?

Upgrade tensorflow to version 2.7.0, 2.6.1, 2.5.2, 2.4.4 or higher.

[2.7.0rc0,2.7.0) [2.6.0rc0,2.6.1) [2.5.0rc0,2.5.2) [,2.4.4)
  • M
Divide By Zero

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Divide By Zero which is triggered by implementations for convolution operators if passed empty filter tensor arguments.

How to fix Divide By Zero?

Upgrade tensorflow to version 2.7.0, 2.6.1, 2.5.2, 2.4.4 or higher.

[2.7.0rc0,2.7.0) [2.6.0,2.6.1) [2.5.0,2.5.2) [,2.4.4)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). If tf.image.resize is called with a large input argument then the TensorFlow process will crash due to a CHECK-failure caused by an overflow.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.6.1, 2.5.2, 2.4.4 or higher.

[2.6.0rc0,2.6.1) [2.5.0rc0,2.5.2) [,2.4.4)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). When tf.tile is called with a large input argument then the TensorFlow process will crash due to a CHECK-failure caused by an overflow.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.6.1, 2.5.2, 2.4.4 or higher.

[2.6.0rc0,2.6.1) [2.5.0rc0,2.5.2) [,2.4.4)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). Implementation of tf.math.segment_* operations results in a CHECK-fail related abort if a segment id in segment_ids is large.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.7.0, 2.6.1, 2.5.2, 2.4.4 or higher.

[2.7.0rc1,2.7.0) [2.6.0rc0,2.6.1) [2.5.0rc0,2.5.2) [,2.4.4)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). TensorFlow allows a tensor to have a large number of dimensions, each of which can be as large as desired; this behaviour can lead to a CHECK-failure.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.6.1, 2.5.2, 2.4.4 or higher.

[2.6.0rc0,2.6.1) [2.5.0,2.5.2) [,2.4.4)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) if tf.summary.create_file_writer is called with non-scalar arguments due to a CHECK-fail.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.6.1, 2.5.2, 2.4.4 or higher.

[2.6.0,2.6.1) [2.5.0,2.5.2) [,2.4.4)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS), which can be triggered in the Keras pooling layers if the size of the pool is 0 or if a dimension is negative. This is because TensorFlow's implementation of pooling operations does not check that the values in the sliding window are strictly positive.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.6.1, 2.5.2, 2.4.4 or higher.

[2.6.0rc0,2.6.1) [2.5.0rc0,2.5.2) [,2.4.4)
  • H
Out-of-Bounds

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-Bounds. The shape inference functions for the QuantizeAndDequantizeV* operations can trigger a read outside of bounds of heap allocated array.

How to fix Out-of-Bounds?

Upgrade tensorflow to version 2.6.1, 2.5.2, 2.4.4 or higher.

[2.6.0rc0,2.6.1) [2.5.0rc0,2.5.2) [,2.4.4)
  • H
Buffer Overflow

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Buffer Overflow in the implementation of FusedBatchNorm kernels.

How to fix Buffer Overflow?

Upgrade tensorflow to version 2.7.0, 2.6.1, 2.5.2, 2.4.4 or higher.

[2.7.0rc0,2.7.0) [2.6.0rc0,2.6.1) [2.5.0rc0,2.5.2) [,2.4.4)
  • H
Buffer Overflow

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Buffer Overflow. The implementation of SparseFillEmptyRows can be made to trigger a heap OOB access, whenever the size of indices does not match the size of values.

How to fix Buffer Overflow?

Upgrade tensorflow to version 2.7.0, 2.6.1, 2.5.2, 2.4.4 or higher.

[2.7.0rc1,2.7.0) [2.6.0rc0,2.6.1) [2.5.0rc0,2.5.2) [,2.4.4)
  • M
Heap-based Buffer Overflow

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the shape inference function for Transpose. This occurs whenever perm contains negative elements, because the shape inference function does not validate that the indices in perm are all valid.

How to fix Heap-based Buffer Overflow?

Upgrade tensorflow to version 2.7.0, 2.6.1, 2.5.2, 2.4.4 or higher.

[2.7.0rc0,2.7.0) [2.6.0,2.6.1) [2.5.0,2.5.2) [,2.4.4)
  • H
Out-of-bounds Read

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-bounds Read in the shape inference code for QuantizeV2. This occurs whenever axis is a negative value less than -1. In this case, we are accessing data before the start of a heap buffer. The code allows axis to be an optional argument (s would contain an error::NOT_FOUND error code). Otherwise, it assumes that axis is a valid index into the dimensions of the input tensor. If axis is less than -1 then this results in a heap OOB read.

How to fix Out-of-bounds Read?

Upgrade tensorflow to version 2.7.0, 2.6.1, 2.5.2, 2.4.4 or higher.

[2.7.0rc0,2.7.0) [2.6.0,2.6.1) [2.5.0,2.5.2) [,2.4.4)
  • H
Out-of-Bounds

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-Bounds in SparseBinCount. This is because of missing validation between the elements of the values argument and the shape of the sparse output.

How to fix Out-of-Bounds?

Upgrade tensorflow to version 2.7.0, 2.6.1, 2.5.2, 2.4.4 or higher.

[2.7.0rc0,2.7.0) [2.6.0rc0,2.6.1) [2.5.0rc0,2.5.2) [,2.4.4)
  • H
Out-of-bounds Read

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-bounds Read. The shape inference functions for SparseCountSparseOutput can trigger a read outside of bounds of heap allocated array.

How to fix Out-of-bounds Read?

Upgrade tensorflow to version 2.7.0, 2.6.1, 2.5.2, 2.4.4 or higher.

[2.7.0rc0,2.7.0) [2.6.0rc0,2.6.1) [2.5.0rc0,2.5.2) [,2.4.4)
  • H
Use of Uninitialized Variable

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Use of Uninitialized Variable. During execution, EinsumHelper::ParseEquation() is supposed to set the flags in the input_has_ellipsis vector and the *output_has_ellipsis boolean to indicate whether there is an ellipsis in the corresponding inputs and output. The code only ever sets these flags to true and never assigns false. This results in uninitialized variable access if callers assume that EinsumHelper::ParseEquation() always sets these flags.

How to fix Use of Uninitialized Variable?

Upgrade tensorflow to version 2.6.1, 2.5.2, 2.4.4 or higher.

[2.6.0rc0,2.6.1) [2.5.0rc0,2.5.2) [,2.4.4)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). During TensorFlow's Grappler optimizer phase, constant folding might attempt to deep copy a resource tensor, which will cause a segfault.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.6.1, 2.5.2, 2.4.4 or higher.

[2.6.0,2.6.1) [2.5.0,2.5.2) [,2.4.4)
  • H
Access of Uninitialized Pointer

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Access of Uninitialized Pointer via nullptr reference binding in sparse matrix multiplication.

How to fix Access of Uninitialized Pointer?

Upgrade tensorflow to version 2.7.0, 2.6.1, 2.5.2, 2.4.4 or higher.

[2.7.0rc0,2.7.0) [2.6.0rc0,2.6.1) [2.5.0rc0,2.5.2) [,2.4.4)
  • M
Deserialization of Untrusted Data

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to the shape inference code for DeserializeSparse, which can trigger a null pointer dereference.

How to fix Deserialization of Untrusted Data?

Upgrade tensorflow to version 2.7.0, 2.6.1, 2.5.2, 2.4.4 or higher.

[2.7.0rc0,2.7.0) [2.6.0rc0,2.6.1) [2.5.0rc0,2.5.2) [,2.4.4)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). The process of building the control flow graph for a TensorFlow model is vulnerable to a null pointer exception when nodes that should be paired are not.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.6.1, 2.5.2, 2.4.4 or higher.

[2.6.0,2.6.1) [2.5.0,2.5.2) [,2.4.4)
  • H
Out-of-Bounds

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-Bounds. The shape inference code for tf.ragged.cross can trigger a read outside of bounds of heap allocated array.

How to fix Out-of-Bounds?

Upgrade tensorflow to version 2.7.0, 2.6.1, 2.5.2, 2.4.4 or higher.

[2.7.0rc0,2.7.0) [2.6.0,2.6.1) [2.5.0,2.5.2) [,2.4.4)
  • H
Heap-based Buffer Overflow

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Heap-based Buffer Overflow which could trick the shape inference code for the Cudnn* operations into accessing invalid memory. This occurs because the ranks of the input, input_h and input_c parameters are not validated, but code assumes they have certain values.

How to fix Heap-based Buffer Overflow?

Upgrade tensorflow to version 2.7.0, 2.6.1, 2.5.2, 2.4.4 or higher.

[2.7.0rc0,2.7.0) [2.6.0,2.6.1) [2.5.0,2.5.2) [,2.4.4)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) via tf.function API which can be made to deadlock when two tf.function decorated Python functions are mutually recursive. This occurs due to using a non-reentrant Lock Python object. Loading any model which contains mutually recursive functions is vulnerable.
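
To make the deadlock mechanism concrete, here is an added, self-contained model (not TensorFlow's tf.function implementation): a decorator that guards each function's "tracing" with a lock, applied to two mutually recursive functions. With threading.Lock the second entry into the same function blocks on a lock its own thread already holds; with threading.RLock the re-entry by the owning thread succeeds. The acquire timeout exists only so the demo reports the deadlock instead of hanging.

```python
import functools
import threading


def traced(lock_factory, timeout: float = 0.2):
    """Models a tf.function-style tracing guard: one lock per decorated
    function, taken around every call. A real non-reentrant lock would block
    forever; the timeout turns that into a detectable error for the demo."""
    def decorate(fn):
        lock = lock_factory()

        @functools.wraps(fn)
        def wrapper(*args):
            if not lock.acquire(timeout=timeout):
                raise RuntimeError(
                    f"deadlock: {fn.__name__} re-entered while its lock is held")
            try:
                return fn(*args)
            finally:
                lock.release()
        return wrapper
    return decorate


def build_mutually_recursive(lock_factory):
    """Two functions that call each other, as in a model containing mutually
    recursive tf.functions. Returns the entry point is_even."""
    @traced(lock_factory)
    def is_even(n: int) -> bool:
        return True if n == 0 else is_odd(n - 1)

    @traced(lock_factory)
    def is_odd(n: int) -> bool:
        return False if n == 0 else is_even(n - 1)

    return is_even


def run_with(lock_factory, n: int):
    """Returns the result, or the RuntimeError if the call deadlocked."""
    try:
        return build_mutually_recursive(lock_factory)(n)
    except RuntimeError as err:
        return err


def demo() -> dict:
    return {
        # depth 1 never re-enters is_even, so even the plain Lock is fine
        "lock_depth1_result": run_with(threading.Lock, 1),
        # depth 2: is_even -> is_odd -> is_even blocks on the lock its own thread holds
        "lock_deadlocks": isinstance(run_with(threading.Lock, 2), RuntimeError),
        # RLock lets the owning thread re-acquire, so recursion completes
        "rlock_even_4": run_with(threading.RLock, 4),
        "rlock_even_5": run_with(threading.RLock, 5),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point the demo makes is that the lock type is the whole difference: nothing about the functions changes between the two runs, only whether the guard tolerates re-entry from the thread that already holds it. A real loader with a plain Lock would hang on the first model whose functions call each other.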

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.7.0, 2.6.1, 2.5.2, 2.4.4 or higher.

[2.7.0rc0,2.7.0) [2.6.0,2.6.1) [2.5.0,2.5.2) [,2.4.4)
  • H
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to missing validation for invalid file formats via checkpoints loading infrastructure.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.7.0, 2.6.1, 2.5.2, 2.4.4 or higher.

[2.7.0rc0,2.7.0) [2.6.0rc0,2.6.1) [2.5.0rc0,2.5.2) [,2.4.4)
  • M
Improper Input Validation

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Improper Input Validation. The implementation of ParallelConcat misses some input validation and can produce a division by 0.

How to fix Improper Input Validation?

Upgrade tensorflow to version 2.7.0, 2.6.1, 2.5.2, 2.4.4 or higher.

[2.7.0rc0,2.7.0) [2.6.0rc0,2.6.1) [2.5.0rc0,2.5.2) [,2.4.4)
  • M
Out-of-bounds Read

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-bounds Read via the ImmutableConst operation which can be tricked into reading arbitrary memory contents. This is because the tstring TensorFlow string class has a special case for memory mapped strings but the operation itself does not offer any support for this datatype.

How to fix Out-of-bounds Read?

Upgrade tensorflow to version 2.7.0, 2.6.1, 2.5.2, 2.4.4 or higher.

[2.7.0rc0,2.7.0) [2.6.0,2.6.1) [2.5.0,2.5.2) [,2.4.4)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) via SplitV which can trigger a segfault if an attacker supplies negative arguments. This occurs whenever size_splits contains more than one value and at least one value is negative.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.7.0, 2.6.1, 2.5.2, 2.4.4 or higher.

[2.7.0rc0,2.7.0) [2.6.0,2.6.1) [2.5.0,2.5.2) [,2.4.4)
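The check that SplitV lacked in the affected versions is small: at most one size may be the -1 "infer this one" sentinel, every other size must be non-negative, and the resolved sizes must sum to the axis length. The following added example (not TensorFlow's kernel code) implements that validation for a 1-D sequence and contrasts it with a naive unchecked split, which in Python silently returns overlapping wrong pieces where the C++ kernel computes an out-of-bounds offset. The function names are this example's own.

```python
def resolve_size_splits(size_splits, total):
    """Validate a SplitV-style size_splits vector for an axis of `total`
    elements. At most one entry may be -1 (inferred from the remainder);
    all other entries must be >= 0; the resolved sizes must sum to total.
    Added example, not TensorFlow's implementation."""
    if len(size_splits) == 0:
        raise ValueError("size_splits must contain at least one size")
    inferred = [i for i, s in enumerate(size_splits) if s == -1]
    if len(inferred) > 1:
        raise ValueError("only one entry of size_splits may be -1")
    bad = [s for s in size_splits if s < -1]
    if bad:
        raise ValueError(f"size_splits contains negative sizes: {bad}")
    known = sum(s for s in size_splits if s != -1)
    if known > total:
        raise ValueError(f"size_splits sum {known} exceeds axis length {total}")
    sizes = list(size_splits)
    if inferred:
        sizes[inferred[0]] = total - known
    elif known != total:
        raise ValueError(
            f"size_splits sum {known} does not equal axis length {total}")
    return sizes


def split_v(values, size_splits):
    """Split a 1-D sequence using validated sizes."""
    sizes = resolve_size_splits(size_splits, len(values))
    out, start = [], 0
    for size in sizes:
        out.append(list(values[start:start + size]))
        start += size
    return out


def split_v_unchecked(values, size_splits):
    """Naive split that trusts size_splits as given (added for contrast, not
    the kernel's code). A negative size becomes a negative slice bound: the
    pieces overlap and the output is wrong, with no error raised."""
    out, start = [], 0
    for size in size_splits:
        out.append(list(values[start:start + size]))
        start += size
    return out


if __name__ == "__main__":
    print(split_v(list(range(6)), [2, -1]))             # [[0, 1], [2, 3, 4, 5]]
    print(split_v_unchecked(list(range(6)), [3, -2, 5]))  # overlapping garbage
```

Running the unchecked variant on `[3, -2, 5]` yields `[[0, 1, 2], [], [1, 2, 3, 4, 5]]`: the second slice collapses and the third restarts inside the first, the same arithmetic that turns into a read past the buffer in native code.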
  • H
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to missing validation: an attacker can trigger a DoS by causing nullptr dereferences or CHECK-failures.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.7.0, 2.6.1, 2.5.2, 2.4.4 or higher.

[2.7.0rc0,2.7.0) [2.6.0rc0,2.6.1) [2.5.0rc0,2.5.2) [,2.4.4)
  • M
Buffer Overflow

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Buffer Overflow. When calculating the size of the output in the tf.range kernel, there is a conditional expression of the form int64 = condition ? int64 : double. Under C++ implicit conversion rules, both branches of the conditional are converted to double, and the result is truncated before the assignment.

How to fix Buffer Overflow?

Upgrade tensorflow to version 2.6.1, 2.5.2, 2.4.4 or higher.

[2.6.0,2.6.1) [2.5.0,2.5.2) [,2.4.4)
  • M
Use of Uninitialized Variable

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Use of Uninitialized Variable in TensorFlow's Grappler optimizer. If the train_nodes vector (obtained from the saved model that gets optimized) does not contain a Dequeue node, then dequeue_node is left uninitialized.

How to fix Use of Uninitialized Variable?

Upgrade tensorflow to version 2.7.0, 2.6.1, 2.5.2, 2.4.4 or higher.

[2.7.0rc0,2.7.0) [2.6.0,2.6.1) [2.5.0,2.5.2) [,2.4.4)
  • H
Remote Code Execution (RCE)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Remote Code Execution (RCE) via TensorFlow's saved_model_cli tool, which calls eval on user-supplied strings.

How to fix Remote Code Execution (RCE)?

Upgrade tensorflow to version 2.6.1, 2.5.2, 2.4.4 or higher.

[2.6.0,2.6.1) [2.5.0,2.5.2) [,2.4.4)
  • H
Remote Code Execution (RCE)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Remote Code Execution (RCE) via TensorFlow's saved_model_cli tool, which calls eval on user-supplied strings.

How to fix Remote Code Execution (RCE)?

Upgrade tensorflow to version 2.6.1, 2.5.2, 2.4.4 or higher.

[2.6.0rc0,2.6.1) [2.5.0rc0,2.5.2) [,2.4.4)
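Both saved_model_cli entries above describe the same sink: a command-line argument of the form name=expression whose right-hand side is handed to eval(). The following added example (not the saved_model_cli source) shows that pattern beside a hardened parser built on ast.literal_eval, which accepts only Python literals and refuses names, attribute access and calls. The two parse functions and the sample arguments are this example's own constructions; the payload calls a harmless function only to prove that code runs.

```python
import ast


def parse_input_exprs_unsafe(exprs):
    """Vulnerable pattern: evaluate the right-hand side of each
    name=expression argument with eval(). Any Python expression runs."""
    parsed = {}
    for item in exprs:
        name, expr = item.split("=", 1)
        parsed[name] = eval(expr)  # code-injection sink
    return parsed


def parse_input_exprs_safe(exprs):
    """Hardened: ast.literal_eval only builds literals (numbers, strings,
    lists, tuples, dicts, sets, None/True/False). Calls, attribute access
    and bare names raise ValueError, so __import__('os') is rejected."""
    parsed = {}
    for item in exprs:
        if "=" not in item:
            raise ValueError(f"expected name=expression, got {item!r}")
        name, expr = item.split("=", 1)
        try:
            parsed[name] = ast.literal_eval(expr)
        except (ValueError, SyntaxError) as exc:
            raise ValueError(
                f"rejected non-literal expression for {name!r}: {expr!r}") from exc
    return parsed


# Constructed inputs for the demo: a benign nested list literal and a
# payload that executes a function call when passed through eval().
BENIGN = ["x=[[1, 2], [3, 4]]"]
PAYLOAD = ["x=__import__('os').getcwd()"]


if __name__ == "__main__":
    print(parse_input_exprs_unsafe(PAYLOAD))  # the call executes
    try:
        parse_input_exprs_safe(PAYLOAD)
    except ValueError as err:
        print("rejected:", err)
```

The trade-off is that literal_eval cannot evaluate the richer expressions (for example numpy constructor calls) that an eval-based CLI accepted; a tool that needs such syntax has to parse it explicitly rather than evaluate it, because there is no safe subset of eval.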
  • H
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to missing validation for the shapes of the tensor arguments involved in the call.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.6.1, 2.5.2, 2.4.4 or higher.

[2.6.0rc0,2.6.1) [2.5.0rc0,2.5.2) [,2.4.4)
  • M
Divide By Zero

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Divide By Zero via AllToAll. This occurs whenever the split_count argument is 0.

How to fix Divide By Zero?

Upgrade tensorflow to version 2.7.0, 2.6.1, 2.5.2, 2.4.4 or higher.

[2.7.0rc0,2.7.0) [2.6.0,2.6.1) [2.5.0,2.5.2) [,2.4.4)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). Under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, C.TF_TString_Dealloc is called during garbage collection within a finalizer function. However, tensor structure isn't checked until encoding to avoid a performance penalty. The current method for dealloc assumes that encoding succeeded, but segfaults when a string tensor is garbage collected whose encoding failed (e.g., due to mismatched dimensions).

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.5.1 or higher.

[,2.5.1)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) as, when running shape functions, some functions (such as MutableHashTableShape) produce extra output information in the form of a ShapeAndType struct. The shapes embedded in this struct are owned by an inference context that is cleaned up almost immediately; if the upstream code attempts to access this shape information, it can trigger a segfault.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.5.1, 2.4.3, 2.3.4 or higher.

[2.5.0,2.5.1) [2.4.0,2.4.3) [,2.3.4)
  • C
Arbitrary Code Execution

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Arbitrary Code Execution. TensorFlow and Keras can be tricked into performing arbitrary code execution when deserializing a Keras model from YAML format. The implementation uses yaml.unsafe_load, which can execute arbitrary code embedded in the input.

How to fix Arbitrary Code Execution?

Upgrade tensorflow to version 2.5.1, 2.4.3, 2.3.4 or higher.

[2.5.0,2.5.1) [2.4.0,2.4.3) [,2.3.4)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). An attacker can trigger a denial of service via a CHECK-fail in tf.raw_ops.MapStage. The implementation does not check that the key input is a valid non-empty tensor.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.5.1, 2.4.3, 2.3.4 or higher.

[2.5.0,2.5.1) [2.4.0,2.4.3) [,2.3.4)
  • H
Improper Input Validation

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Improper Input Validation as, due to incomplete validation in tf.raw_ops.QuantizeV2, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap allocated arrays. The implementation has some validation but does not check that min_range and max_range both have the same non-zero number of elements. If axis is provided (i.e., not -1), then validation should check that it is a value in range for the rank of the input tensor and that the lengths of the min_range and max_range inputs match the axis dimension of the input tensor.

How to fix Improper Input Validation?

Upgrade tensorflow to version 2.5.1, 2.4.3, 2.3.4 or higher.

[2.5.0,2.5.1) [2.4.0,2.4.3) [,2.3.4)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). An attacker can trigger a denial of service via a segmentation fault in tf.raw_ops.MaxPoolGrad caused by missing validation. The implementation misses some validation for the orig_input and orig_output tensors.

This is related to CVE-2021-29579, where the fixes were incomplete.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.5.1, 2.4.3, 2.3.4 or higher.

[2.5.0,2.5.1) [2.4.0,2.4.3) [,2.3.4)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). An attacker can cause denial of service in applications serving models using tf.raw_ops.NonMaxSuppressionV5 by supplying a negative output_size. The implementation uses this user-controlled argument to resize a std::vector. Because std::vector::resize takes its size argument as a size_t while output_size is an int, a negative value is implicitly converted to a very large unsigned value, and the resize fails and crashes the process. A similar issue occurs in CombinedNonMaxSuppression.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.5.1, 2.4.3, 2.3.4 or higher.

[2.5.0,2.5.1) [2.4.0,2.4.3) [,2.3.4)
  • M
Improper Input Validation

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Improper Input Validation. The implementations of pooling in TFLite are vulnerable to division by 0 errors as there are no checks for divisors not being 0.

How to fix Improper Input Validation?

Upgrade tensorflow to version 2.5.1, 2.4.3, 2.3.4 or higher.

[2.5.0,2.5.1) [2.4.0,2.4.3) [,2.3.4)
  • H
Improper Input Validation

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Improper Input Validation as, due to incomplete validation in the MKL implementation of requantization, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap allocated arrays. The implementation does not validate the dimensions of the input tensor. A similar issue occurs in MklRequantizePerChannelOp, whose implementation does not perform full validation of all the input arguments.

How to fix Improper Input Validation?

Upgrade tensorflow to version 2.5.1, 2.4.3, 2.3.4 or higher.

[2.5.0,2.5.1) [2.4.0,2.4.3) [,2.3.4)
  • M
Out-of-Bounds

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-Bounds. An attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to tf.raw_ops.SdcaOptimizerV2. The implementation does not check that the length of example_labels is the same as the number of examples.

How to fix Out-of-Bounds?

Upgrade tensorflow to version 2.5.1, 2.4.3, 2.3.4 or higher.

[2.5.0,2.5.1) [2.4.0,2.4.3) [,2.3.4)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). The shape inference code for tf.raw_ops.Dequantize has a vulnerability that could trigger a denial of service via a segfault if an attacker provides invalid arguments. The shape inference implementation uses axis to select between two different values for minmax_rank, which is then used to retrieve tensor dimensions. However, the code assumes that axis is either -1 or a value greater than -1, with no validation for values below -1.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.5.1, 2.4.3, 2.3.4 or higher.

[2.5.0,2.5.1) [2.4.0,2.4.3) [,2.3.4)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). An attacker can cause denial of service in applications serving models using tf.raw_ops.UnravelIndex by triggering a division by 0. The implementation does not check that the tensor subsumed by dims is not empty. Hence, if one element of dims is 0, the implementation does a division by 0.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.5.1, 2.4.3, 2.3.4 or higher.

[2.5.0,2.5.1) [2.4.0,2.4.3) [,2.3.4)
  • H
NULL Pointer Dereference

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference. An attacker can cause undefined behavior via binding a reference to null pointer in tf.raw_ops.UnicodeEncode. The implementation reads the first dimension of the input_splits tensor before validating that this tensor is not empty.

How to fix NULL Pointer Dereference?

Upgrade tensorflow to version 2.5.1, 2.4.3, 2.3.4 or higher.

[2.5.0,2.5.1) [2.4.0,2.4.3) [,2.3.4)
  • M
Improper Input Validation

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Improper Input Validation. An attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to tf.raw_ops.UpperBound. The implementation does not validate the rank of sorted_input argument. A similar issue occurs in tf.raw_ops.LowerBound.

How to fix Improper Input Validation?

Upgrade tensorflow to version 2.5.1, 2.4.3, 2.3.4 or higher.

[2.5.0,2.5.1) [2.4.0,2.4.3) [,2.3.4)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). An attacker can craft a TFLite model that would trigger a division by zero error in LSH implementation.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.5.1, 2.4.3, 2.3.4 or higher.

[2.5.0,2.5.1) [2.4.0,2.4.3) [,2.3.4)
  • H
Out-of-bounds Read

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-bounds Read. It is possible to nest a tf.map_fn within another tf.map_fn call. However, if the input tensor is a RaggedTensor and no function signature is provided, the code assumes the output is a fully specified tensor and fills the output buffer with uninitialized contents from the heap. The nested call should produce the same result as the equivalent direct construction, but it does not: the last row of its output contains data from the heap, which can be used to leak other memory contents. The bug lies in the conversion from a Variant tensor to a RaggedTensor. The implementation does not check that all inner shapes match, and this results in the additional dimensions. The same implementation can result in data loss if the input tensor is tweaked.

How to fix Out-of-bounds Read?

Upgrade tensorflow to version 2.5.1, 2.4.3, 2.3.4 or higher.

[2.5.0,2.5.1) [2.4.0,2.4.3) [,2.3.4)
  • H
NULL Pointer Dereference

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference. An attacker can cause undefined behavior via binding a reference to null pointer in tf.raw_ops.Map* and tf.raw_ops.OrderedMap* operations. The implementation has a check in place to ensure that indices is in ascending order, but does not check that indices is not empty.

How to fix NULL Pointer Dereference?

Upgrade tensorflow to version 2.5.1, 2.4.3, 2.3.4 or higher.

[2.5.0,2.5.1) [2.4.0,2.4.3) [,2.3.4)
  • H
NULL Pointer Dereference

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference. An attacker can cause undefined behavior via binding a reference to null pointer in tf.raw_ops.RaggedTensorToVariant. The implementation has an incomplete validation of the splits values, missing the case when the argument would be empty.

How to fix NULL Pointer Dereference?

Upgrade tensorflow to version 2.5.1, 2.4.3, 2.3.4 or higher.

[2.5.0,2.5.1) [2.4.0,2.4.3) [,2.3.4)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). Most implementations of convolution operators in TensorFlow are affected by a division by 0 vulnerability where an attacker can trigger a denial of service via a crash. The shape inference implementation is missing several validations before doing divisions and modulo operations.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.5.1, 2.4.3, 2.3.4 or higher.

[2.5.0,2.5.1) [2.4.0,2.4.3) [,2.3.4)
  • H
Improper Input Validation

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Improper Input Validation. An attacker can cause undefined behavior via binding a reference to null pointer in tf.raw_ops.SparseFillEmptyRows. The shape inference implementation does not validate that the input arguments are not empty tensors.

How to fix Improper Input Validation?

Upgrade tensorflow to version 2.5.1, 2.4.3, 2.3.4 or higher.

[2.5.0,2.5.1) [2.4.0,2.4.3) [,2.3.4)
  • H
Improper Input Validation

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Improper Input Validation. The code for tf.raw_ops.SaveV2 does not properly validate its inputs, and an attacker can trigger a null pointer dereference. The implementation calls ValidateInputs to check that the input arguments are valid, and that check does detect the illegal state. However, the validation uses OP_REQUIRES, which sets the Status object of the current OpKernelContext to an error status and then executes an empty return statement that only leaves the function it appears in. Kernel execution is not finalized: control returns to Compute and continues from the line after the call to ValidateInputs, so the effect is the same as having no validation at all.

How to fix Improper Input Validation?

Upgrade tensorflow to version 2.5.1, 2.4.3, 2.3.4 or higher.

[2.5.0,2.5.1) [2.4.0,2.4.3) [,2.3.4)
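The SaveV2 bug is a control-flow mistake rather than a missing check, and it is worth seeing in isolation: a validator that records an error and returns only leaves the validator, so the caller keeps going unless it tests the recorded status. The following added example models that in Python with a hypothetical OpKernelContext stand-in (not TensorFlow's class) and simplified SaveV2-style checks; compute_vulnerable ignores the status and fails inside its body, while compute_fixed consults it first.

```python
class OpKernelContext:
    """Hypothetical stand-in for the kernel context (added example, not
    TensorFlow's class). Records an error the way OP_REQUIRES records one
    via ctx->SetStatus(); None means OK."""

    def __init__(self):
        self.status = None

    def set_status(self, message):
        self.status = message

    def ok(self):
        return self.status is None


def validate_inputs(ctx, prefix, tensor_names, shape_and_slices):
    """OP_REQUIRES-style validation: on failure record the error and return.
    The return leaves *this* function only; nothing here stops the caller."""
    if len(prefix) == 0:
        ctx.set_status("prefix must be non-empty")
        return
    if len(tensor_names) != len(shape_and_slices):
        ctx.set_status("tensor_names and shape_and_slices must match in length")
        return
    if len(tensor_names) == 0:
        ctx.set_status("expected at least one tensor to save")
        return


def compute_vulnerable(ctx, prefix, tensor_names, shape_and_slices):
    """Calls the validator but never reads its result, so execution continues
    into the body with invalid inputs (the affected SaveV2 pattern)."""
    validate_inputs(ctx, prefix, tensor_names, shape_and_slices)
    # The body assumes tensor_names is non-empty. With [] this raises
    # IndexError, the Python counterpart of the kernel's null dereference.
    return tensor_names[0]


def compute_fixed(ctx, prefix, tensor_names, shape_and_slices):
    """Checks the recorded status before doing any work, which is what
    propagating the validation result into Compute achieves."""
    validate_inputs(ctx, prefix, tensor_names, shape_and_slices)
    if not ctx.ok():
        return None
    return tensor_names[0]


if __name__ == "__main__":
    ctx = OpKernelContext()
    print(compute_fixed(ctx, "ckpt", [], []), ctx.status)
    try:
        compute_vulnerable(OpKernelContext(), "ckpt", [], [])
    except IndexError as err:
        print("vulnerable variant crashed:", err)
```

When reviewing C++ kernels, the thing to look for is an OP_REQUIRES inside a helper that returns void: unless the caller wraps the helper in OP_REQUIRES_OK (or otherwise checks ctx->status()), the failed check is cosmetic.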
  • M
Integer Overflow

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Integer Overflow. The implementation of tf.raw_ops.QuantizeAndDequantizeV4Grad is vulnerable to an integer overflow issue caused by converting a signed integer value to an unsigned one and then allocating memory based on this value. The implementation uses the axis value as the size argument to absl::InlinedVector constructor. But, the constructor uses an unsigned type for the argument, so the implicit conversion transforms the negative value to a large integer.

How to fix Integer Overflow?

Upgrade tensorflow to version 2.5.1, 2.4.3 or higher.

[2.5.0,2.5.1) [,2.4.3)
  • H
Improper Input Validation

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Improper Input Validation. The implementation for tf.raw_ops.FractionalAvgPoolGrad can be tricked into accessing data outside of bounds of heap allocated buffers. The implementation does not validate that the input tensor is non-empty. Thus, code constructs an empty EigenDoubleMatrixMap and then accesses this buffer with indices that are outside of the empty area.

How to fix Improper Input Validation?

Upgrade tensorflow to version 2.5.1, 2.4.3, 2.3.4 or higher.

[2.5.0,2.5.1) [2.4.0,2.4.3) [,2.3.4)
  • M
Integer Overflow

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Integer Overflow. The implementation of tf.raw_ops.StringNGrams is vulnerable to an integer overflow issue caused by converting a signed integer value to an unsigned one and then allocating memory based on this value. The implementation calls reserve on a tstring with a value that sometimes can be negative if user supplies negative ngram_widths. The reserve method calls TF_TString_Reserve which has an unsigned long argument for the size of the buffer. Hence, the implicit conversion transforms the negative value to a large integer.

How to fix Integer Overflow?

Upgrade tensorflow to version 2.5.1, 2.4.3, 2.3.4 or higher.

[2.5.0,2.5.1) [2.4.0,2.4.3) [,2.3.4)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). An attacker can cause a denial of service in boosted_trees_create_quantile_stream_resource by using negative arguments. The implementation does not validate that num_streams only contains non-negative numbers. In turn, this results in using this value to allocate memory. However, reserve receives an unsigned integer so there is an implicit conversion from a negative value to a large positive unsigned. This results in a crash from the standard library.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.5.1, 2.4.3, 2.3.4 or higher.

[2.5.0,2.5.1) [2.4.0,2.4.3) [,2.3.4)
  • H
Use After Free

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Use After Free. The implementation for tf.raw_ops.BoostedTreesCreateEnsemble can result in a use after free error if an attacker supplies specially crafted arguments. The implementation uses a reference counted resource and decrements the refcount if the initialization fails, as it should. However, when the code was written, the resource was represented as a naked pointer, and later refactoring changed it to a smart pointer. Thus, when the pointer leaves the scope, a second free of the resource occurs, which fails to take into account that the refcount has already reached 0 and the resource has already been freed. During this double-free, members of the resource object are accessed for cleanup, but they are invalid because the entire resource has been freed.

How to fix Use After Free?

Upgrade tensorflow to version 2.5.1, 2.4.3, 2.3.4 or higher.

[2.5.0,2.5.1) [2.4.0,2.4.3) [,2.3.4)
  • H
Heap-based Buffer Overflow

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Heap-based Buffer Overflow. The implementations of tf.raw_ops.ExperimentalDatasetToTFRecord and tf.raw_ops.DatasetToTFRecord can trigger a heap buffer overflow and segmentation fault. The implementation assumes that all records in the dataset are of string type, but there is no check for this, and a dataset of numeric records triggers the issue.

How to fix Heap-based Buffer Overflow?

Upgrade tensorflow to version 2.5.1, 2.4.3, 2.3.4 or higher.

[2.5.0,2.5.1) [2.4.0,2.4.3) [,2.3.4)
  • H
Improper Input Validation

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Improper Input Validation. An attacker can generate undefined behavior via a reference binding to nullptr in BoostedTreesCalculateBestGainsPerFeature and similar attack can occur in BoostedTreesCalculateBestFeatureSplitV2. The implementation does not validate the input values.

How to fix Improper Input Validation?

Upgrade tensorflow to version 2.5.1, 2.4.3, 2.3.4 or higher.

[2.5.0,2.5.1) [2.4.0,2.4.3) [,2.3.4)
  • H
NULL Pointer Dereference

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference. An attacker can cause undefined behavior via binding a reference to null pointer in tf.raw_ops.RaggedTensorToSparse. The implementation has an incomplete validation of the splits values: it does not check that they are in increasing order.

How to fix NULL Pointer Dereference?

Upgrade tensorflow to version 2.5.1, 2.4.3, 2.3.4 or higher.

[2.5.0,2.5.1) [2.4.0,2.4.3) [,2.3.4)
  • H
NULL Pointer Dereference

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference. An attacker can cause undefined behavior via binding a reference to null pointer in all operations of type tf.raw_ops.MatrixSetDiagV*. The implementation has incomplete validation that the value of k is a valid tensor: it checks that k is either a scalar or a vector, but not that it has any elements. If k is an empty tensor, the code that accesses its first element is wrong.

How to fix NULL Pointer Dereference?

Upgrade tensorflow to version 2.5.1, 2.4.3, 2.3.4 or higher.

[2.5.0,2.5.1) [2.4.0,2.4.3) [,2.3.4)
  • H
NULL Pointer Dereference

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference. An attacker can cause undefined behavior via binding a reference to null pointer in all operations of type tf.raw_ops.MatrixDiagV*. The implementation has incomplete validation that the value of k is a valid tensor: it checks that k is either a scalar or a vector, but not that it has any elements. If k is an empty tensor, the code that accesses its first element is wrong.

How to fix NULL Pointer Dereference?

Upgrade tensorflow to version 2.5.1, 2.4.3, 2.3.4 or higher.

[2.5.0,2.5.1) [2.4.0,2.4.3) [,2.3.4)
  • H
Out-of-bounds Read

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-bounds Read as, if the arguments to tf.raw_ops.RaggedGather don't determine a valid ragged tensor, the code can trigger a read from outside of bounds of heap allocated buffers. The implementation directly reads the first dimension of a tensor shape before checking that said tensor has rank of at least 1 (i.e., it is not a scalar). Furthermore, the implementation does not check that the list given by params_nested_splits is not an empty list of tensors.

How to fix Out-of-bounds Read?

Upgrade tensorflow to version 2.5.1, 2.4.3, 2.3.4 or higher.

[2.5.0,2.5.1) [2.4.0,2.4.3) [,2.3.4)
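The RaggedTensorToVariant, RaggedTensorToSparse and RaggedGather entries above share one missing check: the row_splits vector that defines a ragged tensor must be non-empty, start at 0, be non-decreasing, and end at the number of flat values. The following added example (not TensorFlow's code) implements that validation for a 2-D ragged tensor in pure Python and then performs the two conversions those kernels do, ragged-to-COO and row gather, on top of it. Function names and the sample ragged tensor are this example's own.

```python
def validate_row_splits(row_splits, num_values):
    """Reject malformed row_splits before any kernel-style indexing happens.
    Added example: the checks the ragged kernels above failed to perform."""
    if len(row_splits) == 0:
        raise ValueError("row_splits must not be empty")
    if row_splits[0] != 0:
        raise ValueError("row_splits must start at 0")
    for prev, cur in zip(row_splits, row_splits[1:]):
        if cur < prev:
            raise ValueError(
                f"row_splits must be non-decreasing, got {prev} then {cur}")
    if row_splits[-1] != num_values:
        raise ValueError(
            f"last row split {row_splits[-1]} != number of values {num_values}")


def ragged_to_sparse(values, row_splits):
    """Convert a 2-D ragged tensor (flat values + row_splits) to COO form
    (indices, values, dense_shape), the job of RaggedTensorToSparse."""
    validate_row_splits(row_splits, len(values))
    indices, longest = [], 0
    for row in range(len(row_splits) - 1):
        begin, end = row_splits[row], row_splits[row + 1]
        longest = max(longest, end - begin)
        for col in range(end - begin):
            indices.append((row, col))
    return indices, list(values), (len(row_splits) - 1, longest)


def ragged_gather(values, row_splits, row_indices):
    """Gather whole rows by index (RaggedGather's one-level case), checking
    every requested row against the number of rows the splits define."""
    validate_row_splits(row_splits, len(values))
    nrows = len(row_splits) - 1
    out_values, out_splits = [], [0]
    for r in row_indices:
        if not 0 <= r < nrows:
            raise IndexError(f"row index {r} out of range for {nrows} rows")
        out_values.extend(values[row_splits[r]:row_splits[r + 1]])
        out_splits.append(len(out_values))
    return out_values, out_splits


if __name__ == "__main__":
    # Constructed sample: rows [1, 2], [], [3, 4, 5]
    values, splits = [1, 2, 3, 4, 5], [0, 2, 2, 5]
    print(ragged_to_sparse(values, splits))
    print(ragged_gather(values, splits, [2, 0]))
    for bad in ([], [1, 3], [0, 3, 2], [0, 2]):
        try:
            validate_row_splits(bad, 5)
        except ValueError as err:
            print("rejected", bad, "->", err)
```

The empty-splits case is the one the advisories single out: with no splits at all there is no row 0 to read, and code that reads the first split unconditionally is exactly the null dereference described above.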
  • H
Out-of-bounds Read

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-bounds Read. An attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to BoostedTreesSparseCalculateBestFeatureSplit. The implementation needs to validate that each value in stats_summary_indices is in range.

How to fix Out-of-bounds Read?

Upgrade tensorflow to version 2.5.1, 2.4.3, 2.3.4 or higher.

[2.5.0,2.5.1) [2.4.0,2.4.3) [,2.3.4)
  • M
Improper Input Validation

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Improper Input Validation as providing a negative element to num_elements list argument of tf.raw_ops.TensorListReserve causes the runtime to abort the process due to reallocating a std::vector to have a negative number of elements. The implementation calls std::vector.resize() with the new size controlled by input given by the user, without checking that this input is valid.

How to fix Improper Input Validation?

Upgrade tensorflow to version 2.5.1, 2.4.3, 2.3.4 or higher.

[2.5.0,2.5.1) [2.4.0,2.4.3) [,2.3.4)
  • H
NULL Pointer Dereference

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference. An attacker can cause undefined behavior via binding a reference to null pointer in all binary cwise operations that don't require broadcasting (e.g., gradients of binary cwise operations). The implementation assumes that the two inputs have exactly the same number of elements but does not check that. Hence, when the eigen functor executes it triggers heap OOB reads and undefined behavior due to binding to nullptr.

How to fix NULL Pointer Dereference?

Upgrade tensorflow to version 2.5.1, 2.4.3, 2.3.4 or higher.

[2.5.0,2.5.1) [2.4.0,2.4.3) [,2.3.4)
  • H
Out-of-Bounds

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-Bounds. An attacker can trigger a crash via a CHECK-fail in debug builds of TensorFlow using tf.raw_ops.ResourceGather or a read from outside the bounds of heap allocated data in the same API in a release build. The implementation does not check that the batch_dims value that the user supplies is less than the rank of the input tensor. Since the implementation uses several for loops over the dimensions of tensor, this results in reading data from outside the bounds of heap allocated buffer backing the tensor.

How to fix Out-of-Bounds?

Upgrade tensorflow to version 2.5.1, 2.4.3, 2.3.4 or higher.

[2.5.0,2.5.1) [2.4.0,2.4.3) [,2.3.4)
  • H
Out-of-Bounds

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-Bounds as the implementation of sparse reduction operations in TensorFlow can trigger accesses outside of bounds of heap allocated data. The implementation fails to validate that each reduction group does not overflow and that each corresponding index does not point to outside the bounds of the input tensor.

How to fix Out-of-Bounds?

Upgrade tensorflow to version 2.5.1, 2.4.3, 2.3.4 or higher.

[2.5.0,2.5.1) [2.4.0,2.4.3) [,2.3.4)
  • H
Heap-based Buffer Overflow

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Heap-based Buffer Overflow. An attacker can trigger a read from outside of bounds of heap allocated data by sending invalid arguments to tf.raw_ops.ResourceScatterUpdate. The implementation has an incomplete validation of the relationship between the shapes of indices and updates: instead of checking that the shape of indices is a prefix of the shape of updates (so that broadcasting can happen), code only checks that the number of elements in these two tensors are in a divisibility relationship.

How to fix Heap-based Buffer Overflow?

Upgrade tensorflow to version 2.5.1, 2.4.3, 2.3.4 or higher.

[2.5.0,2.5.1) [2.4.0,2.4.3) [,2.3.4)
  • H
NULL Pointer Dereference

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference. The code for tf.raw_ops.UncompressElement can be made to trigger a null pointer dereference. The implementation obtains a pointer to a CompressedElement from a Variant tensor and then proceeds to dereference it for decompressing. There is no check that the Variant tensor contained a CompressedElement, so the pointer is actually nullptr.

How to fix NULL Pointer Dereference?

Upgrade tensorflow to version 2.5.1, 2.4.3, 2.3.4 or higher.

[2.5.0,2.5.1) [2.4.0,2.4.3) [,2.3.4)
  • H
NULL Pointer Dereference

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference. It is possible to trigger a null pointer dereference in TensorFlow by passing an invalid input to tf.raw_ops.CompressElement. The implementation was accessing the size of a buffer obtained from the return of a separate function call before validating that said buffer is valid.

How to fix NULL Pointer Dereference?

Upgrade tensorflow to version 2.5.1, 2.4.3, 2.3.4 or higher.

[2.5.0,2.5.1) [2.4.0,2.4.3) [,2.3.4)
  • H
NULL Pointer Dereference

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference. When a user does not supply arguments that describe a valid sparse tensor, the tf.raw_ops.SparseTensorSliceDataset implementation can be made to dereference a null pointer. The implementation has some argument validation but fails to consider the case where indices or values is provided for an empty sparse tensor while the other is not. If indices is empty, the code that validates it (checking that the indices are monotonically increasing) results in a null pointer dereference: an empty user-supplied indices is backed by an empty std::vector in the C++ implementation, so calling indices->dim_size(0) dereferences a null pointer (much like calling std::vector::at() on an empty vector).

How to fix NULL Pointer Dereference?

Upgrade tensorflow to version 2.5.1, 2.4.3, 2.3.4 or higher.

[2.5.0,2.5.1) [2.4.0,2.4.3) [,2.3.4)
  • H
NULL Pointer Dereference

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference. If a user does not provide a valid padding value to tf.raw_ops.MatrixDiagPartOp, then the code triggers a null pointer dereference (if input is empty) or produces invalid behavior, ignoring all values after the first. The implementation reads the first value from a tensor buffer without first checking that the tensor has values to read from.

How to fix NULL Pointer Dereference?

Upgrade tensorflow to version 2.5.1, 2.4.3, 2.3.4 or higher.

[2.5.0,2.5.1) [2.4.0,2.4.3) [,2.3.4)
  • H
Out-of-Bounds

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-Bounds. When restoring tensors via raw APIs, if the tensor name is not provided, TensorFlow can be tricked into dereferencing a null pointer. Alternatively, attackers can read memory outside the bounds of heap allocated data by providing some tensor names but not enough for a successful restoration. The implementation retrieves the tensor list corresponding to the user-controlled tensor_name input and immediately retrieves the tensor at the restoration index (controlled via the preferred_shard argument) without validating that the list has enough entries. If the list is empty, this dereferences a null pointer (undefined behavior); if the list has some elements but the restoration index lies outside its bounds, the result is a heap out-of-bounds read.

How to fix Out-of-Bounds?

Upgrade tensorflow to version 2.5.1, 2.4.3, 2.3.4 or higher.

[2.5.0,2.5.1) [2.4.0,2.4.3) [,2.3.4)
  • H
NULL Pointer Dereference

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference. Sending invalid argument for row_partition_types of tf.raw_ops.RaggedTensorToTensor API results in a null pointer dereference and undefined behavior. The implementation accesses the first element of a user supplied list of values without validating that the provided list is not empty.

How to fix NULL Pointer Dereference?

Upgrade tensorflow to version 2.5.1, 2.4.3, 2.3.4 or higher.

[2.5.0,2.5.1) [2.4.0,2.4.3) [,2.3.4)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) as the implementation of tf.raw_ops.ResourceScatterDiv is vulnerable to a division by 0 error. The implementation uses a common class for all binary operations but fails to treat the division by 0 case separately.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.5.1, 2.4.3, 2.3.4 or higher.

[2.5.0,2.5.1) [2.4.0,2.4.3) [,2.3.4)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). An attacker can cause a floating point exception by calling in-place operations with crafted arguments that would result in a division by 0. The implementation has a logic error: it should skip processing if x and v are empty but the code uses || instead of &&.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.5.1, 2.4.3, 2.3.4 or higher.

[2.5.0,2.5.1) [2.4.0,2.4.3) [,2.3.4)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). An attacker can trigger a crash via a floating point exception in tf.raw_ops.ResourceGather. The implementation computes a value, batch_size, and then divides by it without checking that it is not 0.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.5.1, 2.4.3, 2.3.4 or higher.

[2.5.0,2.5.1) [2.4.0,2.4.3) [,2.3.4)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). The implementation of tf.raw_ops.SparseReshape can be made to trigger an integral division by 0 exception. The implementation calls the reshaping functor whenever there is at least one index in the input but does not check that both the input shape and the target shape have a non-zero number of elements. The reshape functor blindly divides by the dimensions of the target shape, so without this check the code results in a division by 0.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.5.1, 2.4.3, 2.3.4 or higher.

[2.5.0,2.5.1) [2.4.0,2.4.3) [,2.3.4)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). The implementation of tf.raw_ops.SparseDenseCwiseDiv is vulnerable to a division by 0 error. The implementation uses a common class for all binary operations but fails to treat the division by 0 case separately.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.5.1, 2.4.3, 2.3.4 or higher.

[2.5.0,2.5.1) [2.4.0,2.4.3) [,2.3.4)
  • C
Arbitrary File Write via Archive Extraction (Zip Slip)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) via a crafted archive when tf.keras.utils.get_file is used with extract=True.

NOTE: This CVE is disputed as the vendor's position is that tf.keras.utils.get_file is not intended for untrusted archives. However, we feel this advisory is relevant as at the time of publication, there is no known security notice or documentation warning users of this behavior.

UPDATE: With the addition of a clear warning to the API documentation on Feb 23, 2023, this issue is considered fixed.
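As an added example of the safe-extraction check that tf.keras.utils.get_file did not perform, the Python below builds a small constructed tar archive in memory (one benign member and one whose name climbs out of the destination with ../) and extracts only members whose resolved path stays under the target directory. This is illustration code written for this page, not TensorFlow's or Keras's own implementation; the member names and the demo() helper are invented for the demonstration.

```python
import io
import os
import tarfile
import tempfile


def build_malicious_tar():
    """Constructed sample archive (not a real-world file): a benign member
    plus one whose path escapes the extraction directory."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as archive:
        for name, payload in (("model/weights.txt", b"benign"),
                              ("../../evil.txt", b"owned")):
            info = tarfile.TarInfo(name)
            info.size = len(payload)
            archive.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


def safe_extract(tar_bytes, dest_dir):
    """Extract only regular files and directories whose resolved path stays
    inside dest_dir.  Returns (extracted, rejected) lists of member names."""
    dest_root = os.path.realpath(dest_dir)
    extracted, rejected = [], []
    # Newer Pythons ship tarfile.data_filter; use it as a second layer when present.
    extract_kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:gz") as archive:
        for member in archive.getmembers():
            target = os.path.realpath(os.path.join(dest_root, member.name))
            # commonpath, not startswith: "/tmp/out" must not match "/tmp/out_x"
            if os.path.commonpath([dest_root, target]) != dest_root:
                rejected.append(member.name)
                continue
            # symlinks and hardlinks can also point outside the tree; skip them
            if not (member.isfile() or member.isdir()):
                rejected.append(member.name)
                continue
            archive.extract(member, dest_root, **extract_kwargs)
            extracted.append(member.name)
    return extracted, rejected


def demo():
    """Run the extractor on the constructed archive in a scratch directory."""
    with tempfile.TemporaryDirectory() as tmp:
        return safe_extract(build_malicious_tar(), tmp)


if __name__ == "__main__":
    print(demo())
```

The path check runs before any write, so the escaping member is reported and never touches the filesystem; the same check applies unchanged to zipfile members, and absolute member names are caught as well because os.path.join discards the destination prefix for them.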

How to fix Arbitrary File Write via Archive Extraction (Zip Slip)?

Upgrade tensorflow to version 2.12.0rc1 or higher.

[,2.12.0rc1)
  • H
Out-of-Bounds

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-Bounds. Incomplete validation in SparseAdd results in allowing attackers to exploit undefined behavior (dereferencing null pointers) as well as write outside of bounds of heap allocated data. The implementation has a large set of validation for the two sparse tensor inputs (6 tensors in total), but does not validate that the tensors are not empty or that the second dimension of *_indices matches the size of corresponding *_shape. This allows attackers to send tensor triples that represent invalid sparse tensors to abuse code assumptions that are not protected by validation.
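The validator below is an added example, not TensorFlow's own code, covering the checks this SparseAdd entry and the SparseTensorSliceDataset entry above describe as missing: the two sides of the triple must agree on the number of non-zero entries (so neither indices nor values is empty while the other is not), every indices row must carry exactly len(dense_shape) coordinates, each coordinate must lie inside the shape, and the rows must be strictly increasing in row-major order. It works on plain Python lists so it runs without TensorFlow; the error strings are chosen for this illustration.

```python
def validate_sparse_triple(indices, values, dense_shape):
    """Check a COO sparse tensor given as plain Python lists: indices is a
    list of coordinate rows, values has one entry per row, dense_shape holds
    the dimensions.  Returns the list of problems found; an empty list means
    the triple is well formed."""
    problems = []
    rank = len(dense_shape)
    if rank == 0:
        problems.append("dense_shape is empty")
    if any(d < 0 for d in dense_shape):
        problems.append("dense_shape has a negative dimension")
    # nnz must agree on both sides; this covers the case where one of
    # indices or values is empty and the other is not.
    if len(indices) != len(values):
        problems.append(f"indices has {len(indices)} rows but values has {len(values)} entries")
    # every row needs exactly rank coordinates (indices.shape[1] == len(dense_shape))
    rows_ok = True
    for r, row in enumerate(indices):
        if len(row) != rank:
            problems.append(f"indices row {r} has {len(row)} coordinates, expected {rank}")
            rows_ok = False
        elif any(not 0 <= c < dense_shape[k] for k, c in enumerate(row)):
            problems.append(f"indices row {r} {row} lies outside dense_shape {dense_shape}")
    # canonical order: strictly increasing in row-major (lexicographic) order,
    # which also rules out duplicate coordinates.  Only meaningful once the
    # rows are well shaped; an empty indices list simply has nothing to order.
    if rows_ok:
        for r in range(1, len(indices)):
            if not indices[r] > indices[r - 1]:
                problems.append(f"indices are not strictly increasing at row {r}")
                break
    return problems


if __name__ == "__main__":
    # Constructed inputs: a well-formed 2x2 tensor, then the two malformed
    # triples the advisories describe.
    print(validate_sparse_triple([[0, 1], [1, 0]], [1.0, 2.0], [2, 2]))
    print(validate_sparse_triple([], [1.0], [2, 2]))          # values without indices
    print(validate_sparse_triple([[0, 1, 2]], [1.0], [3, 3])) # 3 coordinates, rank 2
```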

How to fix Out-of-Bounds?

Upgrade tensorflow to version 2.4.2, 2.3.3, 2.2.3, 2.1.4 or higher.

[2.4.0,2.4.2) [2.3.0,2.3.3) [2.2.0,2.2.3) [,2.1.4)
  • H
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) via tf.io.decode_raw.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • H
Improper Validation

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Improper Validation in tf.raw_ops.CTCLoss, which can lead to an out-of-bounds read, heap buffer overflow, or null pointer dereference.

How to fix Improper Validation?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • M
Buffer Overflow

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Buffer Overflow in RaggedTensorToTensor. An attacker can exploit undefined behaviour if input arguments are empty.

How to fix Buffer Overflow?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Buffer Overflow

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Buffer Overflow in ParseAttrValue with nested tensors.

How to fix Buffer Overflow?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • M
NULL Pointer Dereference

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference in Grappler's TrySimplify.

How to fix NULL Pointer Dereference?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). A crash can occur in tf.transpose with complex inputs.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • M
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). This is due to a segfault in tf.raw_ops.SparseCountSparseOutput.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Heap-based Buffer Overflow

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Heap-based Buffer Overflow in BandedTriangularSolve.

How to fix Heap-based Buffer Overflow?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). A crash in tf.strings.substr can occur due to CHECK-fail.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Heap-based Buffer Overflow

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Heap-based Buffer Overflow in FusedBatchNorm.

How to fix Heap-based Buffer Overflow?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). Due to lack of validation in tf.raw_ops.CTCBeamSearchDecoder, an attacker can trigger denial of service via segmentation faults.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
NULL Pointer Dereference

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference in MatrixDiag* ops.

How to fix NULL Pointer Dereference?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). This can be caused by exploiting a CHECK-failure coming from the implementation of tf.raw_ops.IRFFT.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
NULL Pointer Dereference

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference in SdcaOptimizer.

How to fix NULL Pointer Dereference?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). Due to lack of validation in tf.raw_ops.SparseDenseCwiseMul, an attacker can trigger denial of service via CHECK-fails or accesses to outside the bounds of heap allocated data.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). This is due to a division by zero in Conv2DBackpropFilter.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Out-of-bounds Read

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-bounds Read. Due to lack of validation in tf.raw_ops.Dequantize, an attacker can trigger a read from outside of bounds of heap allocated data.

How to fix Out-of-bounds Read?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Heap-based Buffer Overflow

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the implementation of tf.raw_ops.MaxPool3DGradGrad.

How to fix Heap-based Buffer Overflow?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Improper Validation

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Improper Validation. The validation in tf.raw_ops.QuantizeAndDequantizeV2 allows invalid values for axis argument.

How to fix Improper Validation?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). This is due to division by zero in TFLite's implementation of SpaceToDepth.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). This is due to a division by zero in padding computation in TFLite.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). This is due to a division by zero in TFLite's implementation of OneHot.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • M
Integer Overflow

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Integer Overflow via TFLite concatenation. An attacker can craft a model such that the dimensions of one of the concatenation inputs overflow the int type. TFLite uses int to represent tensor dimensions, whereas TF uses int64; hence valid TF models can trigger an integer overflow when converted to TFLite format.

How to fix Integer Overflow?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • M
NULL Pointer Dereference

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference in TFLite's Reshape operator. This is due to an incomplete fix for CVE-2020-15209.

How to fix NULL Pointer Dereference?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) in TFLite's convolution code.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). This is due to a division by zero in TFLite's implementation of BatchToSpaceNd.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Out-of-bounds Read

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-bounds Read in TFLite's implementation of Minimum or Maximum.

How to fix Out-of-bounds Read?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). This is due to division by zero in TFLite's implementation of EmbeddingLookup.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). This is caused by division by zero in optimized pooling implementations in TFLite.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • H
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to looping TFLite subgraph.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). This is due to a division by zero in TFLite's implementation of hashtable lookup.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). This is due to a division by zero in TFLite's implementation of TransposeConv.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). This is due to a division by zero in TFLite's implementation of GatherNd.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). This is due to a division by zero in TFLite's implementation of DepthwiseConv.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). This is due to a division by zero in TFLite's implementation of SVDF.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Out-of-bounds Write

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-bounds Write. If axis_value is not a value between 0 and NumDimensions(input), the guarding if condition is never true, so the code writes past the last valid element of output_dims->data.

How to fix Out-of-bounds Write?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). This is due to a division by zero in TFLite's implementation of SpaceToBatchNd.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • H
Out-of-bounds Read

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-bounds Read. A specially crafted TFLite model could trigger an OOB read on heap in the TFLite implementation of Split_V.

How to fix Out-of-bounds Read?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • H
Integer Overflow

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Integer Overflow in TFLite memory allocation. An attacker can craft a model such that the size multiplier is so large that the return value overflows the int datatype and becomes negative. In turn, this results in invalid value being given to malloc.
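The Python below is an added example, not TFLite's allocator or converter code, of the overflow check that both this memory-allocation entry and the TFLite concatenation entry above are missing: a running product that refuses to exceed the int32 range before the multiplication happens, applied to a concatenation output shape and to a buffer-size computation. INT32_MAX stands in for TFLite's int on common platforms; the shapes are constructed for the demonstration.

```python
INT32_MAX = 2**31 - 1


def checked_product(factors, limit=INT32_MAX):
    """Multiply left to right, returning None before the running product can
    exceed `limit`; this is the test a 32-bit int kernel has to make before
    it multiplies, because after wraparound both sign and size are wrong."""
    total = 1
    for f in factors:
        if f < 0:
            return None
        if f and total > limit // f:
            return None
        total *= f
    return total


def tflite_shape_fits(dims):
    """Do the dimensions and their element count fit TFLite's int?"""
    return all(0 <= d <= INT32_MAX for d in dims) and checked_product(dims) is not None


def concat_output_shape(input_shapes, axis):
    """Concatenation output: same as the inputs except along `axis`, where the
    dimension is the sum over inputs.  Returns None if that sum or the element
    count would not fit int32 (the TFLite concatenation advisory's case)."""
    out = list(input_shapes[0])
    out[axis] = sum(s[axis] for s in input_shapes)
    return out if tflite_shape_fits(out) else None


def allocation_bytes(dims, bytes_per_element):
    """Buffer size for a tensor: element count times element width, with both
    multiplications checked so a negative or wrapped size never reaches the
    allocator (the TFLite memory allocation advisory's case)."""
    n = checked_product(dims)
    return None if n is None else checked_product([n, bytes_per_element])


if __name__ == "__main__":
    # Two 1 x 2^30 inputs concatenated on axis 1 need a 2^31 dimension: overflow.
    print(concat_output_shape([[1, 2**30], [1, 2**30]], 1))
    # 2^30 float32 elements need 2^32 bytes, which wraps in a 32-bit size.
    print(allocation_bytes([2**29, 2], 4))
```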

How to fix Integer Overflow?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). This is due to a division by zero in TFLite's implementation of Split.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to a division by 0 in QuantizedMul. An attacker can trigger a division by 0 in tf.raw_ops.QuantizedMul.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Improper Input Validation

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Improper Input Validation due to reference binding to null in ParameterizedTruncatedNormal. An attacker can trigger undefined behavior by binding a reference to a null pointer in tf.raw_ops.ParameterizedTruncatedNormal.

How to fix Improper Input Validation?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to division by 0 in Conv2DBackpropFilter. An attacker can trigger a division by 0 in tf.raw_ops.Conv2DBackpropFilter.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to CHECK-fail in CTCGreedyDecoder. An attacker can trigger a denial of service via a CHECK-fail in tf.raw_ops.CTCGreedyDecoder.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Out-of-bounds Read

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-bounds Read due to heap OOB in QuantizeAndDequantizeV3. An attacker can read data outside the bounds of a heap allocated buffer in tf.raw_ops.QuantizeAndDequantizeV3.

How to fix Out-of-bounds Read?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Out-of-Bounds

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-Bounds due to heap out of bounds read in MaxPoolGradWithArgmax. The implementation of tf.raw_ops.MaxPoolGradWithArgmax can cause reads outside of bounds of heap allocated data if attacker supplies specially crafted inputs.

How to fix Out-of-Bounds?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
NULL Pointer Dereference

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference due to type confusion during tensor casts, which leads to dereferencing null pointers. Calling TF operations with tensors of non-numeric types when the operations expect numeric tensors results in null pointer dereferences.

How to fix NULL Pointer Dereference?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • M
Out-of-Bounds

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-Bounds due to memory corruption in DrawBoundingBoxesV2. The implementation of tf.raw_ops.DrawBoundingBoxesV2 can corrupt memory if an attacker supplies specially crafted inputs.

How to fix Out-of-Bounds?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Heap-based Buffer Overflow

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Heap-based Buffer Overflow due to heap buffer overflow in FractionalAvgPoolGrad. The implementation of tf.raw_ops.FractionalAvgPoolGrad is vulnerable to a heap buffer overflow.

How to fix Heap-based Buffer Overflow?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Heap-based Buffer Overflow

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Heap-based Buffer Overflow due to heap buffer overflow in MaxPoolGrad. The implementation of tf.raw_ops.MaxPoolGrad is vulnerable to a heap buffer overflow.

How to fix Heap-based Buffer Overflow?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to division by 0 in Conv2DBackpropInput. An attacker can trigger a division by 0 in tf.raw_ops.Conv2DBackpropInput.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Buffer Overflow

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Buffer Overflow due to heap buffer overflow in QuantizedMul. An attacker can cause a heap buffer overflow in QuantizedMul by passing in invalid thresholds for the quantization.

How to fix Buffer Overflow?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to a CHECK-fail caused by integer overflow. An attacker can trigger a denial of service via a CHECK-fail caused by an integer overflow when constructing a new tensor shape.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to CHECK-fail in QuantizeAndDequantizeV4Grad. An attacker can trigger a denial of service via a CHECK-fail in tf.raw_ops.QuantizeAndDequantizeV4Grad.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to division by 0 in DenseCountSparseOutput. An attacker can cause a denial of service via an FPE runtime error in tf.raw_ops.DenseCountSparseOutput.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Buffer Overflow

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Buffer Overflow due to heap buffer overflow in AvgPool3DGrad. The implementation of tf.raw_ops.AvgPool3DGrad is vulnerable to a heap buffer overflow.

How to fix Buffer Overflow?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to Segfault in tf.raw_ops.ImmutableConst. Calling tf.raw_ops.ImmutableConst with a dtype of tf.resource or tf.variant results in a segfault in the implementation as code assumes that the tensor contents are pure scalars.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to division by 0 in QuantizedConv2D. An attacker can trigger a division by 0 in tf.raw_ops.QuantizedConv2D:

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Buffer Overflow

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Buffer Overflow due to heap buffer overflow in SparseSplit. An attacker can cause a heap buffer overflow in tf.raw_ops.SparseSplit:

How to fix Buffer Overflow?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Buffer Overflow

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Buffer Overflow due to heap buffer overflow in RaggedTensorToTensor. An attacker can cause a heap buffer overflow in tf.raw_ops.RaggedTensorToTensor:

How to fix Buffer Overflow?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Buffer Overflow

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Buffer Overflow due to a heap buffer overflow in SparseTensorToCSRSparseMatrix. An attacker can trigger a denial of service via a CHECK-fail when converting sparse tensors to CSR sparse matrices.

How to fix Buffer Overflow?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Out-of-Bounds

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-Bounds due to heap OOB access in unicode ops. An attacker can access data outside of bounds of heap allocated array in tf.raw_ops.UnicodeEncode.

How to fix Out-of-Bounds?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Out-of-Bounds

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-Bounds due to heap out of bounds write in RaggedBinCount. If the splits argument of RaggedBincount does not specify a valid SparseTensor, then an attacker can trigger a heap buffer overflow.

How to fix Out-of-Bounds?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to division by 0 in FusedBatchNorm. An attacker can cause a denial of service via a FPE runtime error in tf.raw_ops.FusedBatchNorm:

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to CHECK-fail in LoadAndRemapMatrix. An attacker can cause a denial of service by exploiting a CHECK-failure coming from tf.raw_ops.LoadAndRemapMatrix.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to undefined behavior in MaxPool3DGradGrad. The implementation of tf.raw_ops.MaxPool3DGradGrad exhibits undefined behavior by dereferencing null pointers backing attacker-supplied empty tensors.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Out-of-Bounds

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-Bounds due to heap out of bounds read in RequantizationRange. The implementation of tf.raw_ops.MaxPoolGradWithArgmax can cause reads outside of bounds of heap allocated data if attacker supplies specially crafted inputs.

How to fix Out-of-Bounds?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to CHECK-fail in DrawBoundingBoxes. An attacker can trigger a denial of service via a CHECK failure by passing an empty image to tf.raw_ops.DrawBoundingBoxes.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to overflow/denial of service in tf.raw_ops.ReverseSequence. The implementation of tf.raw_ops.ReverseSequence allows for stack overflow and/or CHECK-fail based denial of service.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to division by 0 in QuantizedAdd. An attacker can cause a runtime division by zero error and denial of service in tf.raw_ops.QuantizedAdd.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Buffer Overflow

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Buffer Overflow due to heap buffer overflow caused by rounding. An attacker can trigger a heap buffer overflow in tf.raw_ops.QuantizedResizeBilinear by manipulating input values so that float rounding results in off-by-one error in accessing image elements.

How to fix Buffer Overflow?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • M
Insufficient Validation

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Insufficient Validation. Incomplete validation in SparseAdd results in allowing attackers to exploit undefined behavior (dereferencing null pointers) as well as write outside of bounds of heap allocated data.

How to fix Insufficient Validation?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to CHECK-fail in SparseConcat. An attacker can trigger a denial of service via a CHECK-fail in tf.raw_ops.SparseConcat.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to division by zero in TFLite's implementation of DepthToSpace. The implementation of the DepthToSpace TFLite operator is vulnerable to a division by zero error.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to division by 0 in MaxPoolGradWithArgmax. The implementation of tf.raw_ops.MaxPoolGradWithArgmax is vulnerable to a division by 0.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
NULL Pointer Dereference

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference. An attacker can trigger a dereference of a null pointer in tf.raw_ops.StringNGrams.

How to fix NULL Pointer Dereference?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Out-of-Bounds

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-Bounds due to heap OOB access in Dilation2DBackpropInput. An attacker can write outside the bounds of heap allocated arrays by passing invalid arguments to tf.raw_ops.Dilation2DBackpropInput.

How to fix Out-of-Bounds?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to undefined behavior and CHECK-fail in FractionalMaxPoolGrad. The implementation of tf.raw_ops.FractionalMaxPoolGrad triggers an undefined behavior if one of the input tensors is empty.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to division by 0 in Reverse. An attacker can cause a denial of service via a FPE runtime error in tf.raw_ops.Reverse.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
NULL Pointer Dereference

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference. An attacker can trigger a null pointer dereference in the implementation of tf.raw_ops.EditDistance.

How to fix NULL Pointer Dereference?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Buffer Overflow

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Buffer Overflow in Conv3DBackprop*.

How to fix Buffer Overflow?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Buffer Overflow

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Buffer Overflow in Conv2DBackpropFilter. An attacker can cause a heap buffer overflow to occur in Conv2DBackpropFilter:

How to fix Buffer Overflow?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Buffer Overflow

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Buffer Overflow. An attacker can trigger a division by 0 in tf.raw_ops.Conv2D:

How to fix Buffer Overflow?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). An attacker can trigger an integer division by zero undefined behavior in tf.raw_ops.QuantizedBiasAdd:

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Out-of-Bounds

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-Bounds in QuantizedBatchNormWithGlobalNormalization. An attacker can cause a segfault and denial of service via accessing data outside of bounds in tf.raw_ops.QuantizedBatchNormWithGlobalNormalization:

How to fix Out-of-Bounds?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) in SparseCountSparseOutput. Specifying a negative dense shape in tf.raw_ops.SparseCountSparseOutput results in a segmentation fault raised from the standard library, as std::vector invariants are broken.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Buffer Overflow

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Buffer Overflow in StringNGrams. An attacker can cause a heap buffer overflow by passing crafted inputs to tf.raw_ops.StringNGrams:

How to fix Buffer Overflow?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to a CHECK-fail in AddManySparseToTensorsMap. An attacker can trigger a denial of service via a CHECK-fail in tf.raw_ops.AddManySparseToTensorsMap.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Improper Input Validation

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Improper Input Validation due to a null pointer dereference in SparseFillEmptyRows. An attacker can trigger a null pointer dereference in the implementation of tf.raw_ops.SparseFillEmptyRows:

How to fix Improper Input Validation?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) in tf.raw_ops.EncodePng. An attacker can trigger a CHECK fail in PNG encoding by providing an empty input tensor as the pixel data.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
NULL Pointer Dereference

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference via invalid ragged tensors. Calling tf.raw_ops.RaggedTensorToVariant with arguments specifying an invalid ragged tensor results in a null pointer dereference.

How to fix NULL Pointer Dereference?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to a division by 0 in QuantizedBatchNormWithGlobalNormalization. An attacker can cause a runtime division by zero error and denial of service in tf.raw_ops.QuantizedBatchNormWithGlobalNormalization.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to a division by zero in Conv3D. A malicious user could trigger a division by 0 in the Conv3D implementation.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
NULL Pointer Dereference

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference. Session operations in eager mode lead to null pointer dereferences. In eager mode (default in TF 2.0 and later), session operations are invalid. However, users could still call the raw ops associated with them and trigger a null pointer dereference.

How to fix NULL Pointer Dereference?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to a CHECK-failure in UnsortedSegmentJoin. An attacker can cause a denial of service by controlling the values of the num_segments tensor argument of UnsortedSegmentJoin.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to a CHECK-fail in SparseCross caused by type confusion. The API of tf.raw_ops.SparseCross allows combinations which would result in a CHECK-failure and denial of service.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). An attacker can trigger a null pointer dereference by providing an invalid permutation to tf.raw_ops.SparseMatrixSparseCholesky.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Buffer Overflow

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Buffer Overflow in QuantizedResizeBilinear by passing in invalid thresholds for the quantization.

How to fix Buffer Overflow?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). The tf.raw_ops.Conv3DBackprop* operations fail to validate that the input tensors are not empty. In turn, this would result in a division by 0.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Buffer Overflow

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Buffer Overflow in QuantizedReshape by passing in invalid thresholds for the quantization.

How to fix Buffer Overflow?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to a division by 0 in FractionalAvgPool. An attacker can cause a runtime division by zero error and denial of service in tf.raw_ops.FractionalAvgPool.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to an OOB read in MatrixTriangularSolve. The implementation of MatrixTriangularSolve fails to terminate kernel execution if one validation condition fails.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to a CHECK-fail in tf.raw_ops.RFFT. An attacker can cause a denial of service by exploiting a CHECK-failure coming from the implementation of tf.raw_ops.RFFT.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Out-of-Bounds

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-Bounds due to a heap out of bounds read in RaggedCross. An attacker can force accesses outside the bounds of heap allocated arrays by passing in invalid tensor values to tf.raw_ops.RaggedCross.

How to fix Out-of-Bounds?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to a Division by 0 in SparseMatMul. An attacker can cause a denial of service via a FPE runtime error in tf.raw_ops.SparseMatMul:

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • L
Buffer Overflow

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Buffer Overflow. If the splits argument of RaggedBincount does not specify a valid SparseTensor, then an attacker can trigger a heap buffer overflow. This will cause a read from outside the bounds of the splits tensor buffer in the implementation of the RaggedBincount op. Before the for loop, batch_idx is set to 0. The user controls the splits array, making it contain only one element, 0. Thus, the code in the while loop would increment batch_idx and then try to read splits(1), which is outside of bounds.

How to fix Buffer Overflow?

Upgrade tensorflow to version 2.1.4, 2.2.3, 2.3.3, 2.4.2 or higher.

[,2.1.4) [2.2.0,2.2.3) [2.3.0,2.3.3) [2.4.0,2.4.2)
  • H
Out-of-Bounds

[2.4.0rc0,2.4.0) [2.3.0,2.3.2) [2.2.0,2.2.2) [2.1.0,2.1.3) [2.0.0,2.0.4) [,1.15.5)
  • M
Improper Input Validation

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Improper Input Validation. Under certain cases, a saved model can trigger use of uninitialized values during code execution. This is caused by having tensor buffers be filled with the default value of the type but forgetting to default initialize the quantized floating point types in Eigen.

How to fix Improper Input Validation?

Upgrade tensorflow to version 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, 2.4.0 or higher.

[0,1.15.5) [2.0.0,2.0.4) [0,2.1.3) [2.2.0,2.2.2) [2.3.0,2.3.2) [2.4.0rc0,2.4.0)
  • L
Improper Input Validation

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Improper Input Validation. The tf.raw_ops.ImmutableConst operation returns a constant tensor created from a memory mapped file which is assumed immutable. However, if the type of the tensor is not an integral type, the operation crashes the Python interpreter as it tries to write to the memory area: If the file is too small, TensorFlow properly returns an error as the memory area has fewer bytes than what is needed for the tensor it creates. However, as soon as there are enough bytes, the above snippet causes a segmentation fault.

How to fix Improper Input Validation?

Upgrade tensorflow to version 2.4.0rc0 or higher.

[,2.4.0rc0)
  • L
Improper Input Validation

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Improper Input Validation. The tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format attributes.

How to fix Improper Input Validation?

Upgrade tensorflow to version 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2 or higher.

[,1.15.5) [2.0.0,2.0.4) [2.1.0,2.1.3) [2.2.0,2.2.2) [2.3.0,2.3.2)
  • L
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). Running an LSTM/GRU model where the LSTM/GRU layer receives an input with zero-length results in a CHECK failure when using the CUDA backend. This can result in a query-of-death vulnerability, via denial of service, if users can control the input to the layer.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2 or higher.

[,1.15.5) [2.0.0,2.0.4) [2.1.0,2.1.3) [2.2.0,2.2.2) [2.3.0,2.3.2)
  • H
Uninitialized Memory Exposure

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Uninitialized Memory Exposure. Under certain cases, loading a saved model can result in accessing uninitialized memory while building the computation graph. The MakeEdge function creates an edge between one output tensor of the src node (given by output_index) and the input slot of the dst node (given by input_index). This is only possible if the types of the tensors on both sides coincide, so the function begins by obtaining the corresponding DataType values and comparing these for equality. However, there is no check that the indices point to inside of the arrays they index into. Thus, this can result in accessing data out of bounds of the corresponding heap allocated arrays. In most scenarios, this can manifest as uninitialized data access, but if the index points far away from the boundaries of the arrays this can be used to leak addresses from the library.

How to fix Uninitialized Memory Exposure?

Upgrade tensorflow to version 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2 or higher.

[,1.15.5) [2.0.0,2.0.4) [2.1.0,2.1.3) [2.2.0,2.2.2) [2.3.0,2.3.2)
  • H
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). When the boxes argument of tf.image.crop_and_resize has a very large value, the CPU kernel implementation receives it as a C++ nan floating point value. Attempting to operate on this is undefined behavior which later produces a segmentation fault.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.4.0 or higher.

[,2.4.0)
  • H
Denial of Service (DoS)

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). An attacker can pass an invalid axis value to tf.quantization.quantize_and_dequantize. This results in accessing a dimension outside the rank of the input tensor in the C++ kernel implementation. However, dim_size only does a DCHECK to validate the argument and then uses it to access the corresponding element of an array. Since in normal builds, DCHECK-like macros are no-ops, this results in segfault and access out of bounds of the array.

How to fix Denial of Service (DoS)?

Upgrade tensorflow to version 2.4.0rc0 or higher.

[,2.4.0rc0)
  • M
Out-of-bounds Read

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-bounds Read. Decoding variant tensors from proto could result in heap out of bounds memory access.

How to fix Out-of-bounds Read?

Upgrade tensorflow to version 2.0.0 or higher.

[,2.0.0)