tensorflow@2.8.0rc0 vulnerabilities
TensorFlow is an open source machine learning framework for everyone.
-
latest version
2.18.0
-
latest non vulnerable version
-
first published
8 years ago
-
latest version published
22 days ago
-
licenses detected
- [0,)
Direct Vulnerabilities
Known vulnerabilities in the tensorflow package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
tensorflow is a machine learning framework. Affected versions of this package are vulnerable to Integer Overflow or Wraparound due to the How to fix Integer Overflow or Wraparound? Upgrade |
[,2.12.0)
|
tensorflow is a machine learning framework. Affected versions of this package are vulnerable to Denial of Service (DoS) due to a malicious invalid input with zero dimension, which crashes a TensorFlow model (Check Failed). Note: An attacker must have privilege to provide input to a How to fix Denial of Service (DoS)? Upgrade |
[,2.11.1)
|
tensorflow is a machine learning framework. Affected versions of this package are vulnerable to Heap-based Buffer Overflow. Attackers can access heap memory which is not in the control of user, leading to a crash or remote code execution. The fix will be included in TensorFlow version 2.12.0 and will also cherrypick this commit on TensorFlow version 2.11.1. How to fix Heap-based Buffer Overflow? Upgrade |
[,2.11.1)
[2.12.0rc0,2.12.0)
|
tensorflow is a machine learning framework. Affected versions of this package are vulnerable to NULL Pointer Dereference when How to fix NULL Pointer Dereference? Upgrade |
[,2.11.1)
[2.12.0rc0,2.12.0)
|
tensorflow is a machine learning framework. Affected versions of this package are vulnerable to Denial of Service (DoS) when running with XLA, How to fix Denial of Service (DoS)? Upgrade |
[,2.11.1)
[2.12.0rc0,2.12.0)
|
tensorflow is a machine learning framework. Affected versions of this package are vulnerable to NULL Pointer Dereference due to a null pointer error in How to fix NULL Pointer Dereference? Upgrade |
[,2.11.1)
[2.12.0rc0,2.12.0)
|
tensorflow is a machine learning framework. Affected versions of this package are vulnerable to Denial of Service (DoS) due to a floating point exception in How to fix Denial of Service (DoS)? Upgrade |
[,2.11.1)
[2.12.0rc0,2.12.0)
|
tensorflow is a machine learning framework. Affected versions of this package are vulnerable to NULL Pointer Dereference. The function How to fix NULL Pointer Dereference? Upgrade |
[,2.11.1)
[2.12.0rc0,2.12.0)
|
tensorflow is a machine learning framework. Affected versions of this package are vulnerable to Incorrect Comparison. Constructing a How to fix Incorrect Comparison? Upgrade |
[,2.11.1)
[2.12.0rc0,2.12.0)
|
tensorflow is a machine learning framework. Affected versions of this package are vulnerable to Denial of Service (DoS). When running with XLA, How to fix Denial of Service (DoS)? Upgrade |
[,2.11.1)
[2.12.0rc0,2.12.0)
|
tensorflow is a machine learning framework. Affected versions of this package are vulnerable to Buffer Overflow in How to fix Buffer Overflow? Upgrade |
[,2.11.1)
[2.12.0rc0,2.12.0)
|
tensorflow is a machine learning framework. Affected versions of this package are vulnerable to Integer Overflow to Buffer Overflow when How to fix Integer Overflow to Buffer Overflow? Upgrade |
[,2.11.1)
[2.12.0rc0,2.12.0)
|
tensorflow is a machine learning framework. Affected versions of this package are vulnerable to Integer Overflow or Wraparound in How to fix Integer Overflow or Wraparound? Upgrade |
[,2.11.1)
[2.12.0rc0,2.12.0)
|
tensorflow is a machine learning framework. Affected versions of this package are vulnerable to Out-of-Bounds due to mismatched integer type sizes in How to fix Out-of-Bounds? Upgrade |
[,2.11.1)
[2.12.0rc0,2.12.0)
|
tensorflow is a machine learning framework. Affected versions of this package are vulnerable to Denial of Service (DoS) due to a floating point exception if the stride and window size are not positive for How to fix Denial of Service (DoS)? Upgrade |
[,2.11.1)
[2.12.0rc0,2.12.0)
|
tensorflow is a machine learning framework. Affected versions of this package are vulnerable to NULL Pointer Dereference. When How to fix NULL Pointer Dereference? Upgrade |
[,2.11.1)
[2.12.0rc0,2.12.0)
|
tensorflow is a machine learning framework. Affected versions of this package are vulnerable to Denial of Service (DoS). When the parameter How to fix Denial of Service (DoS)? Upgrade |
[,2.11.1)
[2.12.0rc0,2.12.0)
|
tensorflow is a machine learning framework. Affected versions of this package are vulnerable to Double Free. The How to fix Double Free? Upgrade |
[,2.11.1)
[2.12.0rc0,2.12.0)
|
tensorflow is a machine learning framework. Affected versions of this package are vulnerable to NULL Pointer Dereference in How to fix NULL Pointer Dereference? Upgrade |
[,2.11.1)
[2.12.0rc0,2.12.0)
|
tensorflow is a machine learning framework. Affected versions of this package are vulnerable to Denial of Service (DoS) due to a floating point exception in How to fix Denial of Service (DoS)? Upgrade |
[,2.11.1)
[2.12.0rc0,2.12.0)
|
tensorflow is a machine learning framework. Affected versions of this package are vulnerable to Out-of-bounds Read if the parameter How to fix Out-of-bounds Read? Upgrade |
[,2.11.1)
[2.12.0rc0,2.12.0)
|
tensorflow is a machine learning framework. Affected versions of this package are vulnerable to Out-of-bounds Read in How to fix Out-of-bounds Read? Upgrade |
[,2.11.1)
[2.12.0rc0,2.12.0)
|
tensorflow is a machine learning framework. Affected versions of this package are vulnerable to Denial of Service (DoS) due to another discovered instance of CVE-2022-35991, in How to fix Denial of Service (DoS)? Upgrade |
[,2.8.4)
[2.9.0,2.9.3)
[2.10.0,2.10.1)
|
tensorflow is a machine learning framework. Affected versions of this package are vulnerable to Heap-based Buffer Overflow in How to fix Heap-based Buffer Overflow? Upgrade |
[,2.8.4)
[2.9.0,2.9.3)
[2.10.0,2.10.1)
|
tensorflow is a machine learning framework. Affected versions of this package are vulnerable to Denial of Service (DoS) due to another discovered instance of CVE-2022-35935 in How to fix Denial of Service (DoS)? Upgrade |
[,2.8.4)
[2.9.0,2.9.3)
[2.10.0,2.10.1)
|
tensorflow is a machine learning framework. Affected versions of this package are vulnerable to Out-of-bounds Write via the How to fix Out-of-bounds Write? Upgrade |
[,2.8.4)
[2.9.0,2.9.3)
[2.10.0,2.10.1)
|
tensorflow is a machine learning framework. Affected versions of this package are vulnerable to Out-of-Bounds in How to fix Out-of-Bounds? Upgrade |
[,2.10.1)
[2.11.0rc0,2.11.0)
|
tensorflow is a machine learning framework. Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation when a numpy array is created with a shape such that one element is zero and the sum of others is a large number. How to fix Always-Incorrect Control Flow Implementation? Upgrade |
[,2.8.4)
[2.9.0,2.9.3)
[2.10.0,2.10.1)
[2.11.0rc0,2.11.0)
|
tensorflow is a machine learning framework. Affected versions of this package are vulnerable to Buffer Overflow via How to fix Buffer Overflow? Upgrade |
[,2.8.4)
[2.9.0,2.9.3)
[2.10.0,2.10.1)
[2.11.0rc0,2.11.0)
|
tensorflow is a machine learning framework. Affected versions of this package are vulnerable to Incorrect Calculation of Buffer Size via How to fix Incorrect Calculation of Buffer Size? Upgrade |
[,2.9.3)
[2.10.0,2.10.1)
[2.11.0rc0,2.11.0)
|
tensorflow is a machine learning framework. Affected versions of this package are vulnerable to Out-of-bounds Read when the How to fix Out-of-bounds Read? Upgrade |
[,2.8.4)
[2.9.0,2.9.3)
[2.10.0,2.10.1)
[2.11.0rc0,2.11.0)
|
tensorflow is a machine learning framework. Affected versions of this package are vulnerable to Buffer Overflow via How to fix Buffer Overflow? Upgrade |
[,2.8.4)
[2.9.0,2.9.3)
[2.10.0,2.10.1)
[2.11.0rc0,2.11.0)
|
tensorflow is a machine learning framework. Affected versions of this package are vulnerable to Incorrect Calculation of Buffer Size when How to fix Incorrect Calculation of Buffer Size? Upgrade |
[,2.8.4)
[2.9.0,2.9.3)
[2.10.0,2.10.1)
[2.11.0rc0,2.11.0)
|
tensorflow is a machine learning framework. Affected versions of this package are vulnerable to Improper Input Validation due to a missing check of How to fix Improper Input Validation? Upgrade |
[,2.8.4)
[2.9.0,2.9.3)
[2.10.0,2.10.1)
[2.11.0rc0,2.11.0)
|
tensorflow is a machine learning framework. Affected versions of this package are vulnerable to Denial of Service (DoS) because the conversions from How to fix Denial of Service (DoS)? Upgrade |
[,2.8.4)
[2.9.0,2.9.3)
[2.10.0,2.10.1)
[2.11.0rc0,2.11.0)
|
tensorflow is a machine learning framework. Affected versions of this package are vulnerable to Denial of Service (DoS) when How to fix Denial of Service (DoS)? Upgrade |
[,2.8.4)
[2.9.0,2.9.3)
[2.10.0,2.10.1)
[2.11.0rc0,2.11.0)
|
tensorflow is a machine learning framework. Affected versions of this package are vulnerable to Reachable Assertion when How to fix Reachable Assertion? Upgrade |
[,2.8.4)
[2.9.0,2.9.3)
[2.10.0,2.10.1)
[2.11.0rc0,2.11.0)
|
tensorflow is a machine learning framework. Affected versions of this package are vulnerable to Out-of-bounds Read. This is If How to fix Out-of-bounds Read? Upgrade |
[,2.8.4)
[2.9.0,2.9.3)
[2.10.0,2.10.1)
[2.11.0rc0,2.11.0)
|
tensorflow is a machine learning framework. Affected versions of this package are vulnerable to Denial of Service (DoS) when How to fix Denial of Service (DoS)? Upgrade |
[,2.8.4)
[2.9.0,2.9.3)
[2.10.0,2.10.1)
[2.11.0rc0,2.11.0)
|
tensorflow is a machine learning framework. Affected versions of this package are vulnerable to Denial of Service (DoS) when How to fix Denial of Service (DoS)? Upgrade |
[,2.8.4)
[2.9.0,2.9.3)
[2.10.0,2.10.1)
[2.11.0rc0,2.11.0)
|
tensorflow is a machine learning framework. Affected versions of this package are vulnerable to Denial of Service (DoS) when How to fix Denial of Service (DoS)? Upgrade |
[,2.8.4)
[2.9.0,2.9.3)
[2.10.0,2.10.1)
[2.11.0rc0,2.11.0)
|
tensorflow is a machine learning framework. Affected versions of this package are vulnerable to NULL Pointer Dereference because the pywrap code fails to parse the tensor and returns a How to fix NULL Pointer Dereference? Upgrade |
[,2.8.4)
[2.9.0,2.9.3)
[2.10.0,2.10.1)
[2.11.0rc0,2.11.0)
|
tensorflow is a machine learning framework. Affected versions of this package are vulnerable to Buffer Overflow. The reference kernel of the Note: This attack only works if the reference kernel resolver is used in the interpreter. How to fix Buffer Overflow? Upgrade |
[,2.8.4)
[2.9.0,2.9.3)
[2.10.0,2.10.1)
[2.11.0rc0,2.11.0)
|
tensorflow is a machine learning framework. Affected versions of this package are vulnerable to Denial of Service (DoS) when an input How to fix Denial of Service (DoS)? Upgrade |
[,2.8.4)
[2.9.0,2.9.3)
[2.10.0,2.10.1)
[2.11.0rc0,2.11.0)
|
tensorflow is a machine learning framework. Affected versions of this package are vulnerable to Denial of Service (DoS). This is vulnerable when an input How to fix Denial of Service (DoS)? Upgrade |
[,2.8.4)
[2.9.0,2.9.3)
[2.10.0,2.10.1)
[2.11.0rc0,2.11.0)
|
tensorflow is a machine learning framework. Affected versions of this package are vulnerable to Out-of-bounds Write in How to fix Out-of-bounds Write? Upgrade |
[,2.8.4)
[2.9.0,2.9.3)
[2.10.0,2.10.1)
[2.11.0rc0,2.11.0)
|
tensorflow is a machine learning framework. Affected versions of this package are vulnerable to Denial of Service (DoS) when How to fix Denial of Service (DoS)? Upgrade |
[,2.8.4)
[2.9.0,2.9.3)
[2.10.0,2.10.1)
[2.11.0rc0,2.11.0)
|
tensorflow is a machine learning framework. Affected versions of this package are vulnerable to Denial of Service (DoS) when the input How to fix Denial of Service (DoS)? Upgrade |
[,2.8.4)
[2.9.0,2.9.3)
[2.10.0,2.10.1)
[2.11.0rc0,2.11.0)
|
tensorflow is a machine learning framework. Affected versions of this package are vulnerable to Denial of Service (DoS). This is due to the inputs How to fix Denial of Service (DoS)? Upgrade |
[,2.8.4)
[2.9.0,2.9.3)
[2.10.0,2.10.1)
[2.11.0rc0,2.11.0)
|
tensorflow is a machine learning framework. Affected versions of this package are vulnerable to Out-of-Bounds in How to fix Out-of-Bounds? Upgrade |
[,2.5.3)
[2.6.0,2.6.3)
[2.7.0,2.7.1)
[2.8.0rc0,2.8.0)
|
tensorflow is a machine learning framework. Affected versions of this package are vulnerable to Integer Overflow in the How to fix Integer Overflow? Upgrade |
[,2.5.3)
[2.6.0,2.6.3)
[2.7.0,2.7.1)
[2.8.0rc0,2.8.0)
|
tensorflow is a machine learning framework. Affected versions of this package are vulnerable to Denial of Service (DoS) via the How to fix Denial of Service (DoS)? Upgrade |
[2.8.0rc0,2.8.0)
|
tensorflow is a machine learning framework. Affected versions of this package are vulnerable to Out-of-bounds Read via type inference, as the bounds checking is done in the How to fix Out-of-bounds Read? Upgrade |
[2.8.0rc0,2.8.0)
|
tensorflow is a machine learning framework. Affected versions of this package are vulnerable to NULL Pointer Dereference when How to fix NULL Pointer Dereference? Upgrade |
[,2.5.3)
[2.6.0,2.6.3)
[2.7.0,2.7.1)
[2.8.0rc0,2.8.0)
|
tensorflow is a machine learning framework. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) via a crafted archive when NOTE: This CVE is disputed as the vendor's position is that UPDATE: With the addition of a clear warning to the API documentation on Feb 23, 2023, this issue is considered fixed. How to fix Arbitrary File Write via Archive Extraction (Zip Slip)? Upgrade |
[,2.12.0rc1)
|