Browse All

TensorFlow, an open source machine learning platform, has a vulnerability in its `QuantizedBiasAdd` function that crashes when given certain tensor inputs of nonzero rank (multi-dimensional arrays), allowing attackers to launch a denial of service attack (making the system unavailable). The developers have identified and patched the issue.

TensorFlow, an open source machine learning platform, has a vulnerability in the `FakeQuantWithMinMaxVars` function where providing certain types of input tensors (multidimensional arrays of numbers) causes the program to crash, enabling a denial of service attack (making a system unavailable to users). The vulnerability has been identified and fixed in the codebase.

TensorFlow (an open source platform for machine learning) has a bug in the `QuantizedInstanceNorm` function where passing certain tensor inputs (`x_min` or `x_max` with nonzero rank, which are multi-dimensional arrays of numerical data) causes a segfault (a crash from accessing invalid memory), allowing attackers to trigger a denial of service attack (making the system unavailable). The vulnerability was fixed and will be released in TensorFlow 2.10.0, with backported patches for earlier versions.

TensorFlow (an open-source machine learning platform) has a bug in the `Conv2DBackpropInput` function where it crashes if the `input_sizes` parameter is not 4-dimensional, allowing attackers to cause a denial of service (making the system unavailable). The issue has been fixed and will be released in upcoming versions.

TensorFlow, an open source machine learning platform, has a bug in the `AvgPoolGrad` function where it doesn't properly check the input parameter `orig_input_shape`. This incomplete validation causes a CHECK failure (a crash that stops the program), which attackers can exploit to perform a denial of service attack (making the system unavailable to legitimate users).

TensorFlow, an open source machine learning platform, has a vulnerability in its `QuantizedAdd` function (a tool for adding quantized numbers, which are rounded values used to save memory). If this function receives certain tensor inputs of nonzero rank (multi-dimensional arrays), it crashes the program, which can be exploited to cause a denial of service attack (making the system unavailable to legitimate users).

A bug in TensorFlow (an open source platform for machine learning) called `QuantizedAvgPool` can crash when given certain types of inputs, allowing attackers to launch a denial of service attack (making a system unavailable). The issue has been fixed and will be released in upcoming versions of the software.

TensorFlow (an open source platform for machine learning) has a bug where the `LowerBound` or `UpperBound` functions crash if given an empty input list, causing a nullptr dereference (trying to access memory that doesn't exist). This crash can be exploited to launch a denial of service attack (making the system unavailable to legitimate users).

TensorFlow (an open source platform for machine learning) has a bug in the `BlockLSTMGradV2` function that doesn't properly check its inputs, allowing attackers to crash the system with a denial of service attack (causing the program to stop working). The vulnerability affects multiple versions of TensorFlow.

A bug in TensorFlow (an open source machine learning platform) within a function called `FractionalAvgPoolGrad` doesn't properly check its input data, causing an overflow (when a number becomes too large for the program to handle) that crashes the program and can be exploited to launch a denial of service attack (making a service unavailable to users).

TensorFlow (an open source machine learning platform) has a bug in its TensorListReserve function where it assumes `num_elements` is a tensor with only one value, but crashes if given multiple values. This causes the function to fail when users try to use `tf.raw_ops.TensorListReserve` with improperly sized input.

TensorFlow (an open source machine learning platform) has a bug in `AvgPool3DGradOp` (a function that calculates gradients for 3D average pooling operations) where it doesn't properly check the `orig_input_shape` input value. This causes an overflow (when a number gets too large for its container) that crashes the system with a CHECK failure, allowing attackers to perform a denial of service attack (making the system unavailable).

TensorFlow, a machine learning platform, has a vulnerability in the `UnbatchGradOp` function (a component that processes gradient calculations) where it doesn't properly validate its inputs. If given a non-scalar `id` (a single value instead of what's expected) or an incorrectly sized `batch_index` (a list of indices), the function crashes the program. There are no known workarounds for this issue.

TensorFlow's `AvgPoolOp` function has a bug where it doesn't check if the `ksize` argument (a parameter that controls pooling window size) is positive, allowing negative values to crash the program. The issue has been patched and will be included in upcoming TensorFlow releases.

TensorFlow's `RaggedRangOp` function has a bug where passing a very large float value to the `limits` argument causes it to overflow when converted to an `int64` (a 64-bit integer type), crashing the entire program with an abort signal. This vulnerability affects multiple versions of TensorFlow and has no known workaround.

TensorFlow (an open source platform for machine learning) has a bug in SobolSampleOp that crashes the program when it receives unexpected input types, because the code assumes certain inputs will be scalars (single values rather than arrays). This denial of service vulnerability has been fixed and will be released in upcoming versions.

TensorFlow's tf.reshape operation (a function that changes a tensor's shape without altering its data) has a vulnerability that allows attackers to crash the program by causing an integer overflow (when a number exceeds the maximum value a system can store), triggering a denial of service attack (making the service unavailable). The issue affects multiple versions of TensorFlow and has been patched.