AI Sec Watch

scikit-learn (a Python machine learning library) versions up to 0.23.0 have a vulnerability where the joblib.load() function (which deserializes, or reconstructs objects from saved files) can execute harmful commands if an untrusted file is loaded. However, the vulnerability is disputed because joblib.load() is documented as unsafe and users are responsible for only loading files they trust.

TensorFlow versions before 1.7.0 contain an integer overflow bug in the BMP decoder (DecodeBmp feature) that allows out-of-bounds read (accessing memory beyond intended boundaries), potentially exposing sensitive data from the computer's memory. This vulnerability exists in the file core/kernels/decode_bmp_op.cc and is classified as a CWE-125 weakness.

CVE-2019-20634 is a vulnerability in Proofpoint Email Protection where attackers can collect scoring information from email headers to build a copycat machine learning model. By understanding how this model works, attackers can craft malicious emails designed to receive favorable scores and bypass the email filter.

TensorFlow versions before 1.15.2 and 2.0.1 have a bug where converting a string to a tf.float16 value (a 16-bit floating-point number) causes a segmentation fault (a crash where the program tries to access memory it shouldn't). This vulnerability can be exploited by attackers sending malicious data containing strings instead of the expected number format, leading to denial of service (making the system unavailable) during AI model training or inference (using a trained model to make predictions).

CVE-2019-8760 is a vulnerability in Face ID (Apple's facial recognition system) where a 3D model made to look like an enrolled user could trick the system into unlocking a device. The vulnerability is classified as an improper authentication issue (CWE-287, a weakness in how systems verify identity).

TensorFlow versions before 1.15 had a heap buffer overflow (a type of memory access bug where a program writes beyond the boundaries of allocated memory) in the UnsortedSegmentSum function when using 32-bit integers, causing some large numbers to be incorrectly converted to negative values and leading to out-of-bounds memory access. The vulnerability was considered unlikely to be exploitable and was fixed internally in TensorFlow 1.15 and 2.0.

CVE-2019-17206 is a vulnerability in rediswrapper (a Redis Wrapper library) before version 0.3.0 that allows attackers to execute arbitrary scripts through uncontrolled deserialization of pickled objects (a Python serialization format that can be exploited if data comes from an untrusted source). The vulnerability exists in the models.py file and is caused by unsafe handling of serialized data.

Google TensorFlow version 1.7.x and earlier contains a buffer overflow vulnerability (a bug where a program writes data outside its intended memory boundaries), which can be exploited in ways that depend on the specific context in which TensorFlow is used. The vulnerability is related to integer overflow or wraparound issues (errors in how very large numbers are handled in calculations).

A NULL pointer dereference (a type of bug where software tries to access memory that doesn't exist) in Google TensorFlow versions before 1.12.2 could allow an attacker to cause a denial of service (making the software crash or become unresponsive) by providing an invalid GIF image file. This vulnerability affects TensorFlow's image processing capabilities.