AI Sec Watch

TensorFlow (an open source machine learning platform) has a bug in its TensorListReserve function where it assumes `num_elements` is a tensor with only one value, but crashes if given multiple values. This causes the function to fail when users try to use `tf.raw_ops.TensorListReserve` with improperly sized input.

TensorFlow (an open source machine learning platform) has a bug in `AvgPool3DGradOp` (a function that calculates gradients for 3D average pooling operations) where it doesn't properly check the `orig_input_shape` input value. This causes an overflow (when a number gets too large for its container) that crashes the system with a CHECK failure, allowing attackers to perform a denial of service attack (making the system unavailable).

TensorFlow, a machine learning platform, has a vulnerability in the `UnbatchGradOp` function (a component that processes gradient calculations) where it doesn't properly validate its inputs. If given a non-scalar `id` (a single value instead of what's expected) or an incorrectly sized `batch_index` (a list of indices), the function crashes the program. There are no known workarounds for this issue.

TensorFlow's `AvgPoolOp` function has a bug where it doesn't check if the `ksize` argument (a parameter that controls pooling window size) is positive, allowing negative values to crash the program. The issue has been patched and will be included in upcoming TensorFlow releases.

TensorFlow's `RaggedRangOp` function has a bug where passing a very large float value to the `limits` argument causes it to overflow when converted to an `int64` (a 64-bit integer type), crashing the entire program with an abort signal. This vulnerability affects multiple versions of TensorFlow and has no known workaround.

TensorFlow's `ScatterNd` function (a tool that places values into specific positions of an output array) has a bug where invalid input indices can write data to the wrong location or crash the program. The vulnerability affects multiple versions of TensorFlow.

A bug in TensorFlow (an open source platform for machine learning) exists in the `GatherNd` function, which retrieves values from arrays using index arrays. When input sizes are greater than or equal to output sizes, the function tries to read memory outside its allowed bounds (out-of-bounds memory read), causing errors or system crashes. The vulnerability affects multiple recent versions of TensorFlow.

TensorFlow's `GatherNd` function (a tool that retrieves values from arrays based on index locations) has a vulnerability where it can read memory it shouldn't access if certain input sizes are too large. This happens because the function doesn't properly check if inputs exceed the expected output sizes, potentially exposing sensitive data or crashing the system.

TensorFlow (an open source platform for machine learning) has a bug in SobolSampleOp that crashes the program when it receives unexpected input types, because the code assumes certain inputs will be scalars (single values rather than arrays). This denial of service vulnerability has been fixed and will be released in upcoming versions.