AI Sec Watch

TensorFlow, an open-source machine learning platform, has a vulnerability in its CTCGreedyDecoder function that allows attackers to crash the program through a denial of service attack (an attack that makes a service unavailable). The problem occurs because the code uses a CHECK statement that aborts the program instead of handling invalid input properly.

TensorFlow, a machine learning platform, has a vulnerability where attackers can cause a heap buffer overflow (a memory safety error where data is written beyond allocated memory) by sending specially crafted inputs to the `tf.raw_ops.StringNGrams` function. The problem occurs because the code doesn't properly handle edge cases where input splitting results in only padding elements, potentially causing the program to read from invalid memory locations.

A vulnerability in TensorFlow (a platform for building machine learning models) allows an attacker to cause a null pointer dereference (a crash caused by trying to access memory that doesn't exist) in the `tf.raw_ops.StringNGrams` function by providing invalid input that isn't properly checked. This happens because the code doesn't fully validate the `data_splits` argument before using it, potentially causing the program to crash when trying to write data.

TensorFlow, an open source platform for machine learning, has a vulnerability where an attacker can cause a heap buffer overflow (a memory corruption bug where data is written beyond the intended memory region) in the Conv2DBackpropFilter function. This happens because the code calculates the filter tensor size but doesn't check that it matches the actual number of elements, leading to memory safety issues when the code later reads or writes to this buffer.

TensorFlow (an open source machine learning platform) has a bug where calling a specific function with certain data types causes a segfault (crash where the program tries to access invalid memory). The function assumes the data will be simple scalars (single values), but fails when given more complex data types like `tf.resource` or `tf.variant`.

TensorFlow, a machine learning platform, has a vulnerability (CVE-2021-29538) where an attacker can cause a division by zero error in the Conv2DBackpropFilter function (a tool for training neural networks) by providing empty tensor shapes, which could crash the system. The bug occurs because the code calculates a divisor from user input without checking if it equals zero before dividing by it.

TensorFlow, a machine learning platform, has a vulnerability where attackers can cause a heap buffer overflow (a memory safety error where data is written past the intended memory boundaries) in the `QuantizedResizeBilinear` function by providing invalid threshold values for quantization (the process of reducing data precision). The bug occurs because the code assumes these inputs are always valid numbers and doesn't properly check them before using them.

TensorFlow, a machine learning platform, has a heap buffer overflow vulnerability (a memory safety bug where code writes beyond allocated memory) in the `QuantizedReshape` function. The vulnerability occurs when an attacker passes empty tensors (multi-dimensional arrays) as threshold inputs, causing the code to incorrectly access memory at position 0 of an empty buffer.

TensorFlow, an open-source machine learning platform, has a vulnerability (CVE-2021-29535) where attackers can cause a heap buffer overflow (a memory safety error where code writes beyond allocated memory) in the `QuantizedMul` function by providing invalid threshold values for quantization. The bug occurs because the code assumes input values are always valid and tries to access data that doesn't exist when empty tensors (multi-dimensional arrays) are passed in.