AI Sec Watch

A bug in TensorFlow (an open source machine learning platform) allows attackers to cause a denial of service (making a system unavailable) by triggering a division by zero error in the `tf.raw_ops.Conv3DBackprop*` operations. The operations don't check if input tensors are empty before using them in calculations, which crashes the system if an attacker controls the input sizes.

TensorFlow (an open source platform for machine learning) has a bug where passing a negative number in the dense shape parameter to `tf.raw_ops.SparseCountSparseOutput` causes a crash. This happens because the code assumes the shape values are always positive and doesn't validate them before using them to create a data structure, which violates the safety rules of the underlying `std::vector` (a list-like data structure in C++).

TensorFlow, a machine learning platform, has a vulnerability in its `tf.raw_ops.Conv3DBackprop*` operations where missing validation of input arguments can cause a heap buffer overflow (a crash or security issue where a program writes data beyond its allocated memory). The problem occurs because the code assumes three data structures (called tensors) have matching shapes, but doesn't check this before accessing them simultaneously.

TensorFlow, a machine learning platform, has a vulnerability in its `tf.raw_ops.SparseCross` function that can crash a program (denial of service) by tricking the code into mixing incompatible data types (string type with integer type). The vulnerability occurs because the implementation incorrectly processes a tensor, thinking it contains one type of data when it actually contains another.

TensorFlow has a vulnerability where eager mode (the default execution style in TensorFlow 2.0+) allows users to call raw operations that shouldn't work, causing a null pointer dereference (an error where the program tries to use an empty memory reference). The problem occurs because the code doesn't check whether the session state pointer is valid before using it, leading to undefined behavior (unpredictable outcomes).

A vulnerability in TensorFlow (an open source platform for machine learning) allows a malicious user to crash the program by providing specially crafted input to the Conv3D function (a tool for processing 3D image data). The vulnerability occurs because the code performs a division or modulo operation (mathematical operations that can fail) based on user-provided data, and if certain values are zero, the program crashes.

TensorFlow, a machine learning platform, has a vulnerability in the `RaggedTensorToVariant` function where passing invalid ragged tensors (data structures for irregular-shaped arrays) causes a null pointer dereference (accessing memory that hasn't been set, crashing the program). The function doesn't check whether the ragged tensor is empty before trying to use it.

TensorFlow (an open-source machine learning platform) has a vulnerability in its `MatrixDiag*` operations (functions that create diagonal matrices from tensor data) because the code doesn't check whether the input tensors are empty, which could cause the program to crash or behave unexpectedly. This bug affects multiple versions of TensorFlow.

TensorFlow has a vulnerability in its RaggedBincount operation where invalid input arguments can cause a heap buffer overflow (a crash or memory corruption from accessing memory outside allocated bounds). An attacker can craft malicious input to make the code read or write to memory it shouldn't access, potentially compromising the system running the code.