AI Sec Watch

TensorFlow, an open-source machine learning platform, has a vulnerability in the `tf.raw_ops.QuantizeAndDequantizeV3` function where an attacker can read data outside the bounds of a heap allocated buffer (memory region used for dynamic storage) by exploiting an unvalidated `axis` attribute. The code fails to check the user-supplied `axis` value before using it to access array elements, potentially allowing unauthorized data access.

TensorFlow, an open-source machine learning platform, has a vulnerability where an attacker can crash the program by passing an empty tensor (a multi-dimensional array of numbers) as the `num_segments` argument to the `UnsortedSegmentJoin` operation. The code assumes this input will always be a valid scalar (a single number), so when it's empty, a safety check fails and terminates the process, causing a denial of service (making the system unavailable).

TensorFlow, a platform for building machine learning models, has a bug in its `MatrixTriangularSolve` function (a tool for solving certain types of math problems) where the program fails to stop running if a validation check (a safety test) fails. This could cause the system to hang or consume resources indefinitely.

TensorFlow has a vulnerability in the `FractionalAvgPool` operation where an attacker can provide specially crafted input values to cause a division by zero error (a crash caused by dividing by zero), leading to denial of service (making the system unavailable). The bug happens because user-controlled values aren't properly validated before being used in mathematical operations, allowing the computed output size to become zero.

TensorFlow, a machine learning platform, has a vulnerability where an attacker can cause a division by zero error (attempting to divide by zero, which crashes a program) in a specific operation called `tf.raw_ops.QuantizedBatchNormWithGlobalNormalization`. The bug happens because the code performs a modulo operation (finding the remainder after division) without checking if the divisor is zero first, and an attacker can craft input shapes to make this divisor equal zero.

TensorFlow, an open source machine learning platform, has a vulnerability where attackers can trigger a division by zero error (attempting to divide a number by zero, which crashes a program) in a specific operation, causing the service to become unavailable. The bug exists because the code doesn't properly check all the requirements that should be enforced before running the operation.

TensorFlow, an open source machine learning platform, has a vulnerability in a specific operation called `tf.raw_ops.QuantizedBatchNormWithGlobalNormalization` that allows attackers to crash the system by accessing memory outside intended bounds. The bug occurs when the operation receives empty inputs, causing it to try to read from an invalid memory location.

TensorFlow, an open source platform for machine learning, has a vulnerability where an attacker can cause an integer division by zero (a crash caused by dividing by zero) in the `tf.raw_ops.QuantizedBiasAdd` function. The bug occurs because the code divides by the number of elements in an input without first checking that this number is not zero.

TensorFlow, a machine learning platform, has a vulnerability where an attacker can cause a denial of service (making the system crash or stop responding) by triggering a failed safety check when converting sparse tensors (data structures with mostly empty values) to CSR sparse matrices. The bug happens because the code tries to access memory locations that are outside the bounds of allocated space, which can corrupt data.