AI Sec Watch

TensorFlow, an open source machine learning platform, has a vulnerability where an attacker can cause a division by zero error (a crash caused by attempting math with zero as a divisor) in a specific function called `tf.raw_ops.Conv2DBackpropFilter` by controlling a value used in a modulus operation (a calculation that finds remainders). This bug affects multiple older versions of the software.

TensorFlow (an open source machine learning platform) has a vulnerability where an attacker can crash the program through a denial of service attack by sending malicious input to the `AddManySparseToTensorsMap` function. The problem occurs because the code uses an outdated constructor method that fails abruptly when it encounters numeric overflow (when a number gets too large for the system to handle), rather than handling the error gracefully.

A bug in TensorFlow (an open source machine learning platform) allows attackers to cause a denial of service (making a system unavailable) by triggering a division by zero error in the `tf.raw_ops.Conv3DBackprop*` operations. The operations don't check if input tensors are empty before using them in calculations, which crashes the system if an attacker controls the input sizes.

TensorFlow (an open source platform for machine learning) has a bug where passing a negative number in the dense shape parameter to `tf.raw_ops.SparseCountSparseOutput` causes a crash. This happens because the code assumes the shape values are always positive and doesn't validate them before using them to create a data structure, which violates the safety rules of the underlying `std::vector` (a list-like data structure in C++).

TensorFlow, a machine learning platform, has a vulnerability in its `tf.raw_ops.Conv3DBackprop*` operations where missing validation of input arguments can cause a heap buffer overflow (a crash or security issue where a program writes data beyond its allocated memory). The problem occurs because the code assumes three data structures (called tensors) have matching shapes, but doesn't check this before accessing them simultaneously.

TensorFlow, a machine learning platform, has a vulnerability in its `tf.raw_ops.SparseCross` function that can crash a program (denial of service) by tricking the code into mixing incompatible data types (string type with integer type). The vulnerability occurs because the implementation incorrectly processes a tensor, thinking it contains one type of data when it actually contains another.

TensorFlow has a vulnerability where eager mode (the default execution style in TensorFlow 2.0+) allows users to call raw operations that shouldn't work, causing a null pointer dereference (an error where the program tries to use an empty memory reference). The problem occurs because the code doesn't check whether the session state pointer is valid before using it, leading to undefined behavior (unpredictable outcomes).

A vulnerability in TensorFlow (an open source platform for machine learning) allows a malicious user to crash the program by providing specially crafted input to the Conv3D function (a tool for processing 3D image data). The vulnerability occurs because the code performs a division or modulo operation (mathematical operations that can fail) based on user-provided data, and if certain values are zero, the program crashes.

TensorFlow, a machine learning platform, has a vulnerability in the `RaggedTensorToVariant` function where passing invalid ragged tensors (data structures for irregular-shaped arrays) causes a null pointer dereference (accessing memory that hasn't been set, crashing the program). The function doesn't check whether the ragged tensor is empty before trying to use it.