AI Sec Watch

TensorFlow, a machine learning platform, has a vulnerability where attackers can crash the system by passing negative numbers to the `boosted_trees_create_quantile_stream_resource` function. The bug happens because the code doesn't check if the input is negative before using it to allocate memory (reserve, which expects an unsigned integer, or a whole number with no sign). When a negative number gets converted to an unsigned integer, it becomes a huge positive number that causes the program to crash.

TensorFlow, an open-source machine learning platform, has a vulnerability where an attacker can cause undefined behavior (unpredictable or unsafe program execution) by exploiting binary cwise operations (element-wise math operations between two arrays) that don't check if their inputs have the same size. This missing check allows the program to read from invalid memory locations and crash or behave unexpectedly.

TensorFlow, a machine learning platform, has a vulnerability in its MatrixSetDiagV operations where an attacker can cause undefined behavior (unpredictable program crashes or errors) by passing an empty tensor (a data structure with no elements) as input, since the code doesn't properly validate that the input tensor has at least one element before trying to access it.

TensorFlow, an open-source machine learning platform, has a vulnerability (CVE-2021-37657) where attackers can cause undefined behavior (unpredictable crashes or errors) by exploiting incomplete validation in matrix diagonal operations. The vulnerability occurs because the code doesn't check if the input tensor (a multi-dimensional array of data) is empty before trying to access its first element.

TensorFlow, a machine learning platform, has a vulnerability where an attacker can cause undefined behavior (unpredictable program crashes or errors) by exploiting incomplete validation in the `tf.raw_ops.RaggedTensorToSparse` function. The function fails to check that split values are in increasing order, allowing an attacker to bind a reference to a null pointer (a reference to an empty memory location).

TensorFlow, an open source platform for machine learning, has a vulnerability where an attacker can read data outside the bounds of allocated memory (a heap buffer overflow) by sending invalid arguments to a specific function called `tf.raw_ops.ResourceScatterUpdate`. The bug exists because the code doesn't properly validate the relationship between the shapes of two inputs called `indices` and `updates`, checking only that their element counts are divisible rather than verifying the correct dimensional relationship needed for broadcasting (automatically expanding smaller arrays to match larger ones).

TensorFlow (an open source platform for machine learning) has a vulnerability in the `tf.raw_ops.ResourceGather` function that allows attackers to crash the software or read data from memory they shouldn't access by supplying an invalid `batch_dims` parameter (a dimension value that exceeds the tensor's rank, which is the number of dimensions in a data structure). The bug occurs because the code doesn't validate that the user's input is within acceptable bounds before using it.

TensorFlow, a machine learning platform, has a vulnerability in the `tf.raw_ops.FractionalAvgPoolGrad` function where it can access memory outside the bounds of allocated buffers (a buffer overflow, where a program reads from memory it shouldn't access) when given an empty input. The function fails to check whether the input is empty before trying to read from it.

TensorFlow, a machine learning platform, has a vulnerability in two functions that can cause a heap buffer overflow (writing data past the end of allocated memory) and crash the program when processing dataset records. The code incorrectly assumes all records are strings without checking, but users might pass numeric types instead, triggering the error.