AI Sec Watch

CVE-2019-20634 is a vulnerability in Proofpoint Email Protection where attackers can collect scoring information from email headers to build a copycat machine learning model. By understanding how this model works, attackers can craft malicious emails designed to receive favorable scores and bypass the email filter.

TensorFlow versions before 1.15.2 and 2.0.1 have a bug where converting a string to a tf.float16 value (a 16-bit floating-point number) causes a segmentation fault (a crash where the program tries to access memory it shouldn't). This vulnerability can be exploited by attackers sending malicious data containing strings instead of the expected number format, leading to denial of service (making the system unavailable) during AI model training or inference (using a trained model to make predictions).

CVE-2019-8760 is a vulnerability in Face ID (Apple's facial recognition system) where a 3D model made to look like an enrolled user could trick the system into unlocking a device. The vulnerability is classified as an improper authentication issue (CWE-287, a weakness in how systems verify identity).

TensorFlow versions before 1.15 had a heap buffer overflow (a type of memory access bug where a program writes beyond the boundaries of allocated memory) in the UnsortedSegmentSum function when using 32-bit integers, causing some large numbers to be incorrectly converted to negative values and leading to out-of-bounds memory access. The vulnerability was considered unlikely to be exploitable and was fixed internally in TensorFlow 1.15 and 2.0.

CVE-2019-17206 is a vulnerability in rediswrapper (a Redis Wrapper library) before version 0.3.0 that allows attackers to execute arbitrary scripts through uncontrolled deserialization of pickled objects (a Python serialization format that can be exploited if data comes from an untrusted source). The vulnerability exists in the models.py file and is caused by unsafe handling of serialized data.

Google TensorFlow version 1.7.x and earlier contains a buffer overflow vulnerability (a bug where a program writes data outside its intended memory boundaries), which can be exploited in ways that depend on the specific context in which TensorFlow is used. The vulnerability is related to integer overflow or wraparound issues (errors in how very large numbers are handled in calculations).

A NULL pointer dereference (a type of bug where software tries to access memory that doesn't exist) in Google TensorFlow versions before 1.12.2 could allow an attacker to cause a denial of service (making the software crash or become unresponsive) by providing an invalid GIF image file. This vulnerability affects TensorFlow's image processing capabilities.

A bug in Google's Snappy library version 1.1.4, used in TensorFlow before version 1.7.1, allows a memcpy operation (a function that copies data in memory) to overlap with itself, potentially causing the program to crash or expose data from other parts of the computer's memory. This vulnerability stems from improper input validation (checking whether user input is safe before processing it).

CVE-2018-10055 is a vulnerability in TensorFlow (a machine learning framework) versions before 1.7.1 where the XLA compiler (a tool that optimizes machine learning code) has a memory access bug that could crash the program or allow reading data from other parts of the computer's memory when processing a specially crafted configuration file.