tensorflow@2.12.0rc0 vulnerabilities

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Integer Overflow or Wraparound due to the array_ops.upper_bound function. An attacker can cause a denial of service by providing input that is not a rank 2 tensor.

Upgrade tensorflow to version 2.12.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Heap-based Buffer Overflow. Attackers can access heap memory which is not in the control of user, leading to a crash or remote code execution. The fix will be included in TensorFlow version 2.12.0 and will also cherrypick this commit on TensorFlow version 2.11.1.

Upgrade tensorflow to version 2.11.1, 2.12.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference when SparseSparseMaximum is given invalid sparse tensors as inputs.

Upgrade tensorflow to version 2.11.1, 2.12.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when running with XLA, tf.raw_ops.ParallelConcat segfaults with a nullptr dereference when given a parameter shape with rank that is not greater than zero.

Upgrade tensorflow to version 2.11.1, 2.12.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference due to a null pointer error in RandomShuffle with XLA enabled.

Upgrade tensorflow to version 2.11.1, 2.12.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to a floating point exception in TensorListSplit with XLA.

Upgrade tensorflow to version 2.11.1, 2.12.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference. The function tf.raw_ops.LookupTableImportV2 cannot handle scalars in the values parameter and gives a null pointer exception.

Upgrade tensorflow to version 2.11.1, 2.12.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Incorrect Comparison. Constructing a tflite model with a paramater filter_input_channel of less than 1 gives a float pointer exception.

Upgrade tensorflow to version 2.11.1, 2.12.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). When running with XLA, tf.raw_ops.Bincount segfaults when given a parameter weights that is neither the same shape as parameter arr nor a length-0 tensor.

Upgrade tensorflow to version 2.11.1, 2.12.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Buffer Overflow in TAvgPoolGrad.

Upgrade tensorflow to version 2.11.1, 2.12.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Integer Overflow to Buffer Overflow when 2^31 <= num_frames * height * width * channels < 2^32, for example Full HD screencast of at least 346 frames.

Upgrade tensorflow to version 2.11.1, 2.12.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Integer Overflow or Wraparound in EditDistance. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.

Upgrade tensorflow to version 2.11.1, 2.12.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-Bounds due to mismatched integer type sizes in ValueMap::Manager::GetValueOrCreatePlaceholder, because there is a bug with the tfg-translate call to InitMlir.

Upgrade tensorflow to version 2.11.1, 2.12.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to a floating point exception if the stride and window size are not positive for tf.raw_ops.AvgPoolGrad.

Upgrade tensorflow to version 2.11.1, 2.12.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference. When ctx->step_containter() is a null ptr, the Lookup function will be executed with a null pointer.

Upgrade tensorflow to version 2.11.1, 2.12.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). When the parameter summarize of tf.raw_ops.Print is zero, the new method SummarizeArray<bool> will reference to a nullptr, leading to a seg fault.

Upgrade tensorflow to version 2.11.1, 2.12.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Double Free. The nn_ops.fractional_avg_pool_v2 and nn_ops.fractional_max_pool_v2 functions require the first and fourth elements of their parameter pooling_ratio to be equal to 1.0, as pooling on batch and channel dimensions is not supported.

Upgrade tensorflow to version 2.11.1, 2.12.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference in QuantizedMatMulWithBiasAndDequantize with MKL enabled.

Upgrade tensorflow to version 2.11.1, 2.12.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to a floating point exception in AudioSpectrogram.

Upgrade tensorflow to version 2.11.1, 2.12.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-bounds Read if the parameter indices for DynamicStitch does not match the shape of the parameter data.

Upgrade tensorflow to version 2.11.1, 2.12.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-bounds Read in GRUBlockCellGrad.

Upgrade tensorflow to version 2.11.1, 2.12.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) via a crafted archive when tf.keras.utils.get_file is used with extract=True.

NOTE: This CVE is disputed as the vendor's position is that tf.keras.utils.get_file is not intended for untrusted archives. However, we feel this advisory is relevant as at the time of publication, there is no known security notice or documentation warning users of this behavior.

UPDATE: With the addition of a clear warning to the API documentation on Feb 23, 2023, this issue is considered fixed.

Upgrade tensorflow to version 2.12.0rc1 or higher.