AI Sec Watch

TensorFlow (an open source machine learning platform) has a vulnerability where an attacker can crash the system by causing a floating point exception (a math error that stops the program) through specially crafted inputs to inplace operations (functions that modify data in place). The bug exists because the code uses the wrong logical operator, checking if either condition is true instead of checking if both are true.

TensorFlow, a machine learning platform, has a vulnerability where an attacker can crash the system through a floating point exception (a math error that occurs when dividing by zero) in the `tf.raw_ops.ResourceGather` function. The problem happens because the code divides by a value without first checking if that value is zero.

TensorFlow, an open source machine learning platform, has a vulnerability in the `tf.raw_ops.ResourceScatterDiv` function that causes a division by 0 error (attempting to divide by zero, which crashes programs). The problem exists because the code treats all division operations the same way without special handling for the case when the divisor is zero.

TensorFlow, an open-source machine learning platform, has a bug in the `tf.raw_ops.SparseReshape` function where it can crash with a division by zero error (dividing a number by zero). This happens because the code doesn't check if the target shape has any elements before dividing by it, allowing attackers to trigger this crash by providing specially crafted input.

TensorFlow, an open source platform for machine learning, has a vulnerability in its `tf.raw_ops.SparseDenseCwiseDiv` function where division by zero is not properly handled, causing the program to crash or behave unexpectedly. The vulnerability affects multiple older versions of TensorFlow that are still being supported.

TensorFlow versions up to 2.5.0 have a vulnerability where attackers can overwrite arbitrary files by providing a specially crafted archive when the tf.keras.utils.get_file function is used with the extract=True setting. This happens because the function doesn't properly validate file paths during extraction (a weakness called path traversal, where attackers manipulate file paths to access files outside intended directories). The vendor notes that this function was not designed to handle untrusted archives.

TensorFlow (an open-source platform for machine learning) has a bug where passing invalid arguments to a specific function called `tf.raw_ops.SparseCountSparseOutput` causes a segfault (a crash where the program tries to access memory it shouldn't). This happens because the function doesn't properly handle exceptional conditions (unexpected or invalid inputs).

TensorFlow (an open source machine learning platform) crashes when you pass a complex argument to the `tf.transpose` function while also using the `conjugate=True` argument. This happens because the software doesn't properly handle this unusual combination of inputs.

TensorFlow is a machine learning platform that had a vulnerability where an attacker could crash the system by sending invalid arguments to the `tf.strings.substr` function, which performs string operations. This vulnerability was caused by improper error handling (not properly catching and managing exceptional conditions that shouldn't happen).