AI Sec Watch

TensorFlow, a machine learning platform, has a vulnerability where an attacker can cause a denial of service (making a service unavailable) through a FPE (floating-point exception, a math error when dividing by zero) in a specific operation. The bug exists because the code divides by a value computed from user input without first checking if that value is zero.

TensorFlow, an open-source machine learning platform, has a vulnerability in its `RaggedBincount` operation where improper validation of the `splits` argument can allow an attacker to trigger a heap buffer overflow (reading memory outside the intended bounds). An attacker could craft malicious input that causes the code to read from invalid memory locations, potentially leading to crashes or information disclosure.

CVE-2021-20289 is a flaw in RESTEasy (a framework for building web services) versions up to 4.6.0.Final where error messages expose sensitive information about the internal code. When RESTEasy cannot process certain parts of a request, it returns the class and method names of the endpoint in its error response, which could leak details about how the application is structured (CWE-209, generation of error messages containing sensitive information).

Increments Qiita::Markdown before version 0.33.0 contains an XSS vulnerability (cross-site scripting, where attackers can inject malicious code into web pages) in its transformers component. The vulnerability is classified as CWE-79 (improper neutralization of input during web page generation).

This article argues against the idea that manual red teaming (the practice of simulating attacks to find security weaknesses) is dying due to automation. The author contends that red teaming is fundamentally about discovering unknown vulnerabilities and exploring creative attack strategies rather than just exploiting known bugs, and therefore cannot be fully automated even though adversaries will continue using AI and automation tools to scale their operations.

Survivorship bias is the logical error of focusing only on successes while ignoring failures, which can lead to incomplete understanding. The article applies this concept to red teaming (security testing where a team acts as attackers to find vulnerabilities) by noting that the MITRE ATT&CK framework (a database of known adversary tactics and techniques) only covers publicly disclosed threats, potentially causing security teams to overlook attack methods that haven't been publicly documented or aren't in the framework.

CVE-2020-26270 is a vulnerability in TensorFlow where LSTM/GRU models (types of neural network layers used for processing sequences) crash when they receive input with zero length on NVIDIA GPU systems, causing a denial of service (making the system unavailable). This happens because the system fails input validation (checking whether data is acceptable before processing it).

TensorFlow's release candidate versions 2.4.0rc* contain a vulnerability in the code that matches filesystem paths to globbing patterns (a method of searching for files using wildcards), which can cause the program to read memory outside the bounds of an array holding directory information. The vulnerability stems from missing checks on assumptions made by the parallel implementation, but this issue only affects the development version and release candidates, not the final release.

A bug in TensorFlow's tf.raw_ops.ImmutableConst operation (a function that creates fixed tensors from memory-mapped files) causes the Python interpreter to crash when the tensor type is not an integer type, because the code tries to write to memory that should be read-only. This crash happens when the file is large enough to contain the tensor data, resulting in a segmentation fault (a critical memory access error).