AI Sec Watch

A bug in TensorFlow (an open-source machine learning platform) in the `tf.raw_ops.ReverseSequence` function fails to check if input arguments are valid, allowing attackers to cause a denial of service (making the system crash or stop responding) through stack overflow (when a program uses too much memory on the call stack) or CHECK-failure (when an internal safety check fails). The vulnerability affects multiple recent versions of TensorFlow.

TensorFlow, an open-source machine learning platform, has a vulnerability in the `tf.raw_ops.MaxPool3DGradGrad` function where it doesn't check if input tensors (data structures that hold multi-dimensional arrays) are empty before accessing their contents. An attacker can provide empty tensors to cause a null pointer dereference (trying to access memory that doesn't exist), crashing the program or potentially executing malicious code.

TensorFlow, an open-source platform for machine learning, has a vulnerability in the `tf.raw_ops.MaxPoolGradWithArgmax` function where it divides by a batch dimension (a count of data samples) without first checking that the number is not zero. This can cause a division by zero error, which crashes the program or causes unexpected behavior.

TensorFlow, a machine learning platform, has a bug in the `tf.raw_ops.SdcaOptimizer` function where it crashes when given invalid input because it tries to access memory that doesn't exist (null pointer dereference, which is undefined behavior in programming). The code doesn't check that user inputs meet the function's requirements before processing them.

TensorFlow, an open-source machine learning platform, has a vulnerability in the `tf.raw_ops.MaxPoolGradWithArgmax` function where attackers can provide specially crafted input data to read and write outside the bounds of heap-allocated memory (memory areas assigned during program execution), potentially causing memory corruption. The issue occurs because the code assumes the last element of the `boxes` input is 4 without checking it first, so attackers can pass smaller values to access memory they shouldn't.

A vulnerability in TensorFlow (an open source machine learning platform) called CVE-2021-29570 affects the `tf.raw_ops.MaxPoolGradWithArgmax` function, which can read outside the bounds of allocated memory (a heap overflow) if an attacker provides specially designed inputs. The bug occurs because the code uses the same value to look up data in two different arrays without checking that both arrays are the same size.

TensorFlow, an open-source machine learning platform, has a vulnerability in the `tf.raw_ops.MaxPoolGradWithArgmax` function where specially crafted inputs can cause the program to read memory outside the bounds of allocated heap memory (a memory safety violation). The bug occurs because the code assumes input tensors contain at least one element, but if they're empty, accessing even the first element reads invalid memory.

TensorFlow, an open-source machine learning platform, has a vulnerability in the `ParameterizedTruncatedNormal` function where attackers can cause undefined behavior (unpredictable program crashes or corruption) by passing an empty array as input, because the code doesn't check if the input is valid before trying to access its first element. This flaw affects multiple versions of the software.

TensorFlow, an open-source machine learning platform, has a vulnerability in the `tf.raw_ops.SparseDenseCwiseMul` function that lacks proper validation of input dimensions. An attacker can exploit this to cause denial of service (program crashes through failed checks) or write to memory locations outside the bounds of allocated buffers (heap overflow, unintended memory access).