AI Sec Watch

TensorFlow has a vulnerability where an attacker can crash the system (a denial of service, or DoS attack) by sending specially crafted data to a specific function called `tf.raw_ops.QuantizeAndDequantizeV4Grad`. The bug happens because the function doesn't check that its input data (called tensors, which are multi-dimensional arrays) has the correct structure, causing the program to fail when it tries to process them.

TensorFlow, an open-source machine learning platform, has a vulnerability in its CTCGreedyDecoder function that allows attackers to crash the program through a denial of service attack (an attack that makes a service unavailable). The problem occurs because the code uses a CHECK statement that aborts the program instead of handling invalid input properly.

TensorFlow, a machine learning platform, has a vulnerability where attackers can cause a heap buffer overflow (a memory safety error where data is written beyond allocated memory) by sending specially crafted inputs to the `tf.raw_ops.StringNGrams` function. The problem occurs because the code doesn't properly handle edge cases where input splitting results in only padding elements, potentially causing the program to read from invalid memory locations.

A vulnerability in TensorFlow (a platform for building machine learning models) allows an attacker to cause a null pointer dereference (a crash caused by trying to access memory that doesn't exist) in the `tf.raw_ops.StringNGrams` function by providing invalid input that isn't properly checked. This happens because the code doesn't fully validate the `data_splits` argument before using it, potentially causing the program to crash when trying to write data.

TensorFlow, an open source platform for machine learning, has a vulnerability where an attacker can cause a heap buffer overflow (a memory corruption bug where data is written beyond the intended memory region) in the Conv2DBackpropFilter function. This happens because the code calculates the filter tensor size but doesn't check that it matches the actual number of elements, leading to memory safety issues when the code later reads or writes to this buffer.

TensorFlow (an open source machine learning platform) has a bug where calling a specific function with certain data types causes a segfault (crash where the program tries to access invalid memory). The function assumes the data will be simple scalars (single values), but fails when given more complex data types like `tf.resource` or `tf.variant`.

TensorFlow, a machine learning platform, has a vulnerability (CVE-2021-29538) where an attacker can cause a division by zero error in the Conv2DBackpropFilter function (a tool for training neural networks) by providing empty tensor shapes, which could crash the system. The bug occurs because the code calculates a divisor from user input without checking if it equals zero before dividing by it.

TensorFlow, a machine learning platform, has a vulnerability where attackers can cause a heap buffer overflow (a memory safety error where data is written past the intended memory boundaries) in the `QuantizedResizeBilinear` function by providing invalid threshold values for quantization (the process of reducing data precision). The bug occurs because the code assumes these inputs are always valid numbers and doesn't properly check them before using them.

TensorFlow, a machine learning platform, has a heap buffer overflow vulnerability (a memory safety bug where code writes beyond allocated memory) in the `QuantizedReshape` function. The vulnerability occurs when an attacker passes empty tensors (multi-dimensional arrays) as threshold inputs, causing the code to incorrectly access memory at position 0 of an empty buffer.