AI Sec Watch

TensorFlow versions before 2.3.1 have a bug in the `RaggedCountSparseOutput` function where it doesn't properly check that input data is valid, which can cause a heap buffer overflow (unsafe memory access that corrupts data). If the first value in the `splits` tensor (a structure that partitions data) isn't 0, the program crashes with a segmentation fault (an error when accessing memory illegally).

TensorFlow before version 2.3.1 has a bug in the `RaggedCountSparseOutput` function where it doesn't check that the `splits` tensor (a data structure that describes how elements are grouped in a ragged tensor, which is an array with uneven row lengths) has enough elements. If a user provides an empty or single-element `splits` tensor, the program crashes with a SIGABRT signal (an abort signal sent by the operating system).

TensorFlow (an open-source machine learning framework) versions before 2.3.1 have a bug in the `SparseCountSparseOutput` function where it doesn't check that two input arrays called `indices` and `values` have matching sizes. When the code tries to read from both arrays at the same time without this check, it can accidentally access memory outside the bounds of allocated space, which is a serious security risk.

TensorFlow before version 2.3.1 has a bug in the `SparseCountSparseOutput` function where it doesn't check that input data is in the correct format, specifically that the `indices` tensor (a data structure holding array positions) has the right shape. Attackers can exploit this by sending incorrectly shaped data, which causes the program to crash and creates a denial of service (a type of attack that makes a service unavailable). This vulnerability affects TensorFlow systems where users can control input data.

TensorFlow version 2.3.0 has a vulnerability in two functions, `SparseCountSparseOutput` and `RaggedCountSparseOutput`, that don't check whether the weights tensor (a data structure with values and their positions) matches the shape of the main data being processed. This missing validation allows an attacker to read data outside the intended memory area by providing fewer weights than data values, potentially exposing sensitive information from the computer's memory.

TensorFlow versions before 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 contain a heap buffer overflow (a type of memory error where a program writes data outside its allocated memory space) in the `SparseFillEmptyRowsGrad` function. The bug occurs because of incorrect array indexing that allows `reverse_index_map(i)` to access memory beyond the bounds of `grad_values`, potentially causing the program to crash or behave unexpectedly.

TensorFlow (an open-source machine learning library) before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 has a bug in the `SparseFillEmptyRowsGrad` function where it doesn't properly check the shape (dimensions) of one of its inputs called `grad_values_t`. An attacker could exploit this by sending invalid data to cause the program to crash, disrupting AI systems that use TensorFlow to serve predictions.

TensorFlow versions before 2.2.1 and 2.3.1 have a vulnerability in the `dlpack.to_dlpack` function where it can be tricked into using uninitialized memory (memory that hasn't been set to a known value), leading to further memory corruption. The problem occurs because the code assumes the input is a TensorFlow tensor, but an attacker can pass in a regular Python object instead, causing a faulty type conversion that accesses memory incorrectly.

TensorFlow versions before 2.2.1 and 2.3.1 have a memory leak (wasted computer memory that isn't freed) when users pass a list of strings to a function called `dlpack.to_dlpack`. The bug happens because the code doesn't properly check for error conditions during validation, so it continues running even when it should stop and clean up.