AI Sec Watch

TensorFlow, an open source machine learning platform, has a vulnerability in its fully connected layers (neural network components that connect all inputs to all outputs) in TFLite (a lightweight version for mobile devices) that causes a division by zero error (attempting to divide by zero, which crashes the program). The issue has been patched and will be included in upcoming updates.

TensorFlow (an open-source platform for machine learning) has a vulnerability where an attacker can trigger undefined behavior (unpredictable program crashes or malfunctions) by exploiting the `tf.raw_ops.SparseFillEmptyRows` function, which fails to check whether input arguments are empty tensors (multi-dimensional arrays). This flaw exists in the shape inference code, which is responsible for determining the size and structure of data.

TensorFlow, a machine learning platform, has a vulnerability where attackers can crash the software by exploiting division by zero errors in convolution operators (mathematical operations that process data in machine learning models). This happens because the code that checks input shapes is missing validation steps before performing divisions, allowing someone to trigger a denial of service (making the system unavailable).

TensorFlow, an open source machine learning platform, has a vulnerability in its Map and OrderedMap operations where an attacker can cause undefined behavior (unpredictable or dangerous program actions) by exploiting a missing check for empty data indices. The code checks if indices are in order but doesn't verify they exist, leaving a gap that can lead to null pointer reference binding (attempting to use memory that hasn't been allocated).

TensorFlow, an open source machine learning platform, has a vulnerability where an attacker can cause undefined behavior (unpredictable program crashes or malfunctions) by exploiting a flaw in the `tf.raw_ops.UnicodeEncode` function. The problem occurs because the code reads data from a tensor without first checking if that tensor is empty, which can lead to a null pointer dereference (trying to access memory that doesn't exist).

TensorFlow, an open source machine learning platform, has a vulnerability (CVE-2021-37666) where attackers can cause undefined behavior (unpredictable program crashes or errors) by exploiting incomplete validation in the RaggedTensorToVariant function. The flaw occurs when the function receives empty input values that it doesn't properly check for.

TensorFlow, a machine learning platform, has a use-after-free vulnerability (a bug where freed memory is accessed again) in the `tf.raw_ops.BoostedTreesCreateEnsemble` function that attackers can trigger with specially crafted input. The issue stems from refactoring that changed a resource from a naked pointer (basic memory reference) to a smart pointer (automatic memory management), causing the resource to be freed twice and its members to be accessed during cleanup after it's already been deallocated.

TensorFlow, a machine learning platform, has a vulnerability in its `SaveV2` function where input validation fails to properly stop execution, allowing an attacker to trigger a null pointer dereference (a crash caused by accessing invalid memory). The validation check uses a method that only sets an error status but doesn't actually stop the function, so harmful operations continue anyway.

TensorFlow (an open-source platform for machine learning) has a vulnerability where an attacker can read data from outside the intended memory area by sending specially crafted invalid arguments to a specific function called `BoostedTreesSparseCalculateBestFeatureSplit`. The problem occurs because the code doesn't properly check that input values are within valid ranges.