aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

3314 items

CVE-2023-28858: redis-py before 4.5.3 leaves a connection open after canceling an async Redis command at an inopportune time, and can se

low vulnerability
security
Mar 26, 2023
CVE-2023-28858

CVE-2023-28858 is a bug in redis-py (a Python library for connecting to Redis databases) versions before 4.5.3 where canceling an async command at the wrong moment leaves a connection open and can accidentally send response data from one request to a completely different client, due to an off-by-one error (miscounting by one position in the data stream).

Fix: Update redis-py to version 4.3.6, 4.4.3, or 4.5.3 or later. The patches are available in the official repository at https://github.com/redis/redis-py/ for each version.

NVD/CVE Database

CVE-2023-27579: TensorFlow is an end-to-end open source platform for machine learning. Constructing a tflite model with a parameter `fil

high vulnerability
security
Mar 25, 2023
CVE-2023-27579

TensorFlow, an open-source machine learning platform, has a bug where creating a tflite model (a lightweight version of a machine learning model for mobile devices) with a filter_input_channel parameter set to less than 1 causes an FPE (floating-point exception, a math error that crashes the program). This vulnerability stems from an incorrect comparison in the code.

CVE-2023-25801: TensorFlow is an open source machine learning platform. Prior to versions 2.12.0 and 2.11.1, `nn_ops.fractional_avg_pool

high vulnerability
security
Mar 25, 2023
CVE-2023-25801

TensorFlow, an open source machine learning platform, had a bug in two pooling functions (`nn_ops.fractional_avg_pool_v2` and `nn_ops.fractional_max_pool_v2`) that required certain parameters to equal 1.0 because pooling on batch and channel dimensions (the different ways data is organized in the neural network) was not supported. This vulnerability was fixed in TensorFlow versions 2.12.0 and 2.11.1.

CVE-2023-25676: TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, `tf.r

high vulnerability
security
Mar 25, 2023
CVE-2023-25676

TensorFlow, an open source machine learning platform, has a bug in versions before 2.12.0 and 2.11.1 where the `tf.raw_ops.ParallelConcat` function crashes due to a null pointer dereference (trying to use a memory location that hasn't been set) when given a `shape` parameter with rank (dimensionality) of zero or less. This crash makes the program stop working unexpectedly.

CVE-2023-25675: TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, `tf.r

high vulnerability
security
Mar 25, 2023
CVE-2023-25675

TensorFlow, an open source machine learning platform, has a bug in versions before 2.12.0 and 2.11.1 where the `tf.raw_ops.Bincount` function crashes when given a `weights` parameter that neither matches the shape of the `arr` parameter nor is a length-0 tensor (a parameter with zero elements). This crash only happens when XLA (accelerated linear algebra, a compiler for machine learning) is enabled.

CVE-2023-25674: TensorFlow is an open source machine learning platform. Versions prior to 2.12.0 and 2.11.1 have a null pointer error in

high vulnerability
security
Mar 25, 2023
CVE-2023-25674

TensorFlow, an open source machine learning platform, has a null pointer error (a crash caused by the program trying to access memory that doesn't exist) in its RandomShuffle function when XLA (a compiler for machine learning) is enabled in versions before 2.12.0 and 2.11.1. This vulnerability has been assigned CVE-2023-25674.

CVE-2023-25673: TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a Floating Point Ex

high vulnerability
security
Mar 25, 2023
CVE-2023-25673

TensorFlow (an open source machine learning platform) versions before 2.12.0 and 2.11.1 have a Floating Point Exception bug in TensorListSplit with XLA (a compiler that speeds up machine learning computations). This bug could cause the program to crash when certain operations are performed.

CVE-2023-25672: TensorFlow is an open source platform for machine learning. The function `tf.raw_ops.LookupTableImportV2` cannot handle

high vulnerability
security
Mar 25, 2023
CVE-2023-25672

TensorFlow, an open source platform for machine learning, has a bug in the `tf.raw_ops.LookupTableImportV2` function where it cannot properly handle scalar values (single values, not arrays) in the `values` parameter, causing an NPE (null pointer exception, when the program tries to use a value that doesn't exist). This is a type of vulnerability called NULL Pointer Dereference (CWE-476).

CVE-2023-25671: TensorFlow is an open source platform for machine learning. There is out-of-bounds access due to mismatched integer type

high vulnerability
security
Mar 25, 2023
CVE-2023-25671

TensorFlow (an open source platform for machine learning) has a vulnerability called out-of-bounds access (a bug where code tries to read or write data outside the memory area it should access), caused by mismatched integer type sizes (using different number formats where the same one was expected). The issue can be fixed by updating to TensorFlow version 2.12.0 or 2.11.1.

CVE-2023-25670: TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a null pointer error

high vulnerability
security
Mar 25, 2023
CVE-2023-25670

TensorFlow (an open source machine learning platform) versions before 2.12.0 and 2.11.1 have a null pointer dereference (a crash caused by trying to access memory that doesn't exist) in a specific feature called QuantizedMatMulWithBiasAndDequantize when MKL (a math optimization library) is enabled. This bug can cause the software to crash or behave unexpectedly.

CVE-2023-25669: TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the stride and windo

high vulnerability
security
Mar 25, 2023
CVE-2023-25669

TensorFlow (an open source platform for machine learning) has a bug in the `tf.raw_ops.AvgPoolGrad` function where invalid input values can cause a floating point exception (a crash due to an illegal math operation). This affects TensorFlow versions before 2.12.0 and 2.11.1.

CVE-2023-25668: TensorFlow is an open source platform for machine learning. Attackers using TensorFlow prior to 2.12.0 or 2.11.1 can acc

critical vulnerability
security
Mar 25, 2023
CVE-2023-25668

TensorFlow (an open-source machine learning platform) versions before 2.12.0 and 2.11.1 have a vulnerability that allows attackers to access heap memory (the part of a computer's memory used for dynamic storage) that shouldn't be accessible, potentially causing the program to crash or allowing remote code execution (running commands on a system remotely without authorization). This is caused by heap-based buffer overflow and out-of-bounds read errors (reading data from memory locations outside the intended boundaries).

CVE-2023-25667: TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, integer overflow occurs

medium vulnerability
security
Mar 25, 2023
CVE-2023-25667

TensorFlow, an open source machine learning platform, had an integer overflow vulnerability (a bug where calculations exceed the maximum number a computer can store) in versions before 2.12.0 and 2.11.1. The bug occurred when processing video frames with certain dimensions, potentially affecting full HD screencasts with at least 346 frames.

CVE-2023-25666: TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a floating poi

high vulnerability
security
Mar 25, 2023
CVE-2023-25666

TensorFlow, an open source machine learning platform, had a floating point exception (a math error that crashes a program) in its AudioSpectrogram component before versions 2.12.0 and 2.11.1. This bug could cause the software to crash when processing certain audio data.

CVE-2023-25665: TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when `SparseSparseMaxim

high vulnerability
security
Mar 25, 2023
CVE-2023-25665

TensorFlow (an open source platform for machine learning) versions before 2.12.0 and 2.11.1 have a bug where the SparseSparseMaximum function crashes with a null pointer error (when the program tries to access memory that doesn't exist) if given invalid sparse tensors (multi-dimensional arrays with mostly empty values) as inputs. This is a stability issue that can cause the program to fail.

CVE-2023-25664: TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a heap buffer

high vulnerability
security
Mar 25, 2023
CVE-2023-25664

TensorFlow, an open source machine learning platform, had a heap buffer overflow vulnerability (a memory safety bug where data is written beyond allocated space) in a function called TAvgPoolGrad before versions 2.12.0 and 2.11.1. This vulnerability could potentially allow attackers to crash the software or execute code.

CVE-2023-25663: TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when `ctx->step_contain

high vulnerability
security
Mar 25, 2023
CVE-2023-25663

TensorFlow, an open source machine learning platform, had a vulnerability in versions before 2.12.0 and 2.11.1 where a null pointer dereference (a crash caused by trying to use a memory location that doesn't exist) could occur in the Lookup function when a certain pointer was null. This weakness is classified as CWE-476 (NULL Pointer Dereference).

CVE-2023-25662: TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 are vulnerable to intege

high vulnerability
security
Mar 25, 2023
CVE-2023-25662

TensorFlow, an open source machine learning platform, has a vulnerability in versions before 2.12.0 and 2.11.1 involving integer overflow (a math error where a number gets too large and wraps around) in the EditDistance function. This bug could potentially cause unexpected behavior or crashes in machine learning programs using affected versions.

CVE-2023-25660: TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when the parameter `sum

high vulnerability
security
Mar 25, 2023
CVE-2023-25660

TensorFlow, an open source platform for machine learning, has a bug in its `tf.raw_ops.Print` function that causes a seg fault (a crash where the program tries to access memory it shouldn't) when the `summarize` parameter is set to zero. The bug happens because the code tries to use a nullptr (a reference to nothing instead of valid data).

CVE-2023-25659: TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the parameter `indic

high vulnerability
security
Mar 25, 2023
CVE-2023-25659

TensorFlow, an open source machine learning platform, had a vulnerability where mismatched parameters in the `DynamicStitch` function could cause a stack OOB read (out-of-bounds read, where a program accesses memory it shouldn't). This flaw affected versions before 2.12.0 and 2.11.1.

Fix: The issue has been patched in TensorFlow version 2.12. TensorFlow will also apply the fix to version 2.11.1. Users can reference the patch commit at https://github.com/tensorflow/tensorflow/commit/34f8368c535253f5c9cb3a303297743b62442aaa.

NVD/CVE Database

Fix: Update to TensorFlow version 2.12.0 or 2.11.1, which include the fix for this vulnerability.

NVD/CVE Database

Fix: Update TensorFlow to version 2.12.0 or 2.11.1 or later, which contain the fix for this vulnerability.

NVD/CVE Database

Fix: Update to TensorFlow version 2.12.0 or 2.11.1, which include a fix for this issue.

NVD/CVE Database

Fix: Update TensorFlow to version 2.12.0 or 2.11.1, which include the fix for this null pointer error.

NVD/CVE Database

Fix: Update to TensorFlow version 2.12.0 or version 2.11.1, where the fix is included.

NVD/CVE Database

Fix: A fix is included in TensorFlow version 2.12.0 and version 2.11.1. Users can also reference the patch at https://github.com/tensorflow/tensorflow/commit/980b22536abcbbe1b4a5642fc940af33d8c19b69.

NVD/CVE Database

Fix: A fix is included in TensorFlow version 2.12.0 and version 2.11.1.

NVD/CVE Database

Fix: Update to TensorFlow version 2.12.0 or version 2.11.1, which include fixes for this vulnerability.

NVD/CVE Database

Fix: Update to TensorFlow version 2.12.0 or version 2.11.1, which include a fix for this issue.

NVD/CVE Database

Fix: The fix will be included in TensorFlow version 2.12.0 and will also be cherry-picked (selectively applied) to TensorFlow version 2.11.1.

NVD/CVE Database

Fix: Update to TensorFlow version 2.12.0 or version 2.11.1, which include the fix for this vulnerability.

NVD/CVE Database

Fix: Update TensorFlow to version 2.12.0 or version 2.11.1, which include the fix for this vulnerability.

NVD/CVE Database

Fix: Update to TensorFlow version 2.12.0 or version 2.11.1, which include a fix for this vulnerability.

NVD/CVE Database

Fix: Update TensorFlow to version 2.12.0 or 2.11.1, which include the fix for this vulnerability.

NVD/CVE Database

Fix: Update to TensorFlow version 2.12.0 or 2.11.1, which include the fix for this vulnerability. The patch is available at https://github.com/tensorflow/tensorflow/commit/239139d2ae6a81ae9ba499ad78b56d9b2931538a.

NVD/CVE Database

Fix: Update TensorFlow to version 2.12.0 or version 2.11.1, both of which include a fix for this vulnerability.

NVD/CVE Database

Fix: A fix is included in TensorFlow version 2.12.0 and version 2.11.1. Users should update to one of these versions or later.

NVD/CVE Database

Fix: Update TensorFlow to version 2.12.0 or version 2.11.1, which include the fix for this vulnerability.

NVD/CVE Database