All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
TensorFlow, an open-source machine learning platform, has a vulnerability in the `ParameterizedTruncatedNormal` function where attackers can cause undefined behavior (unpredictable program crashes or corruption) by passing an empty array as input, because the code doesn't check if the input is valid before trying to access its first element. This flaw affects multiple versions of the software.
Fix: Update to TensorFlow 2.5.0 or later. If you use an earlier version, update to one of these patched releases: TensorFlow 2.4.2, 2.3.3, 2.2.3, or 2.1.4.
NVD/CVE Database
TensorFlow, an open-source machine learning platform, has a vulnerability in the `tf.raw_ops.SparseDenseCwiseMul` function that lacks proper validation of input dimensions. An attacker can exploit this to cause denial of service (program crashes through failed checks) or write to memory locations outside the bounds of allocated buffers (heap overflow, unintended memory access).
TensorFlow, a machine learning platform, has a vulnerability where attackers can write data outside the allocated memory bounds (a heap buffer overflow) by sending invalid arguments to a specific function called `tf.raw_ops.Dilation2DBackpropInput`. The bug exists because the code doesn't properly check input values before writing to memory arrays.
TensorFlow, an open-source machine learning platform, has a vulnerability (CVE-2021-29565) where a null pointer dereference (a crash caused by the program trying to use memory it shouldn't access) can occur in the `tf.raw_ops.SparseFillEmptyRows` function if an attacker provides an empty `dense_shape` tensor due to missing validation checks. This flaw affects multiple versions of TensorFlow and could allow an attacker to crash the program.
TensorFlow, a machine learning platform, has a vulnerability in its EditDistance function where attackers can cause a null pointer dereference (a crash caused by accessing memory that doesn't exist) by sending specially crafted input parameters that don't get validated properly. The vulnerability allows attackers to potentially crash or disrupt TensorFlow applications.
TensorFlow (an open source platform for machine learning) has a vulnerability where an attacker can crash the program by sending empty data to the RFFT function (a mathematical operation for transforming signals). The crash happens because the underlying code (Eigen, a math library) fails an assertion (a safety check) when it tries to process an empty matrix (a grid of numbers with no values).
TensorFlow (an open-source machine learning platform) has a vulnerability where an attacker can cause a denial of service (making a service unavailable) by triggering a CHECK-failure in the `tf.raw_ops.IRFFT` function, which is part of TensorFlow's low-level operations. This happens because of a reachable assertion (a check in the code that can be deliberately violated).
CVE-2021-29561 is a vulnerability in TensorFlow (an open source machine learning platform) where an attacker can crash a program by sending an invalid tensor (a multi-dimensional array of numbers) to the `LoadAndRemapMatrix` function instead of the expected scalar value (a single number). This causes a validation check to fail and terminates the process, resulting in a denial of service (making the system unavailable).
TensorFlow, a machine learning platform, has a vulnerability where an attacker can cause a heap buffer overflow (memory corruption from writing past allocated memory limits) in the RaggedTensorToTensor function by providing specially crafted input shapes. The bug occurs because the code uses the same index to access two different arrays, and if one array is shorter than the other, it reads or writes to invalid memory locations.
TensorFlow, an open-source machine learning platform, has a vulnerability in the `tf.raw_ops.UnicodeEncode` function that allows attackers to read data outside the bounds of a heap allocated array (memory that a program has requested to store data). The problem occurs because the code assumes the input data describes a valid sparse tensor (a matrix with mostly empty values) without properly validating it first.
TensorFlow, a machine learning platform, has a vulnerability where an attacker can cause a heap buffer overflow (a memory safety error where data is written outside its allocated space) in the `tf.raw_ops.SparseSplit` function by controlling an offset value that accesses an array.
TensorFlow (an open-source machine learning platform) has a vulnerability where an attacker can crash a system by triggering a divide-by-zero error (FPE, or floating-point exception) in a specific operation called `tf.raw_ops.SparseMatMul` when given an empty tensor (a multidimensional array with no data). This causes a denial of service (making the system unavailable to legitimate users).
TensorFlow, an open source machine learning platform, has a vulnerability where an attacker can cause a denial of service (making a service unavailable) by triggering an FPE (floating-point exception, a math error that crashes a program) runtime error in a specific function called `tf.raw_ops.Reverse`. The bug happens because the code divides by the first dimension of a tensor (a multi-dimensional array of numbers) without properly checking if that dimension is zero.
TensorFlow is a machine learning platform that has a vulnerability in its `tf.raw_ops.FusedBatchNorm` operation, which can be exploited by an attacker to cause a denial of service (making the system unavailable) through an FPE runtime error (a math operation that crashes when dividing by zero). The problem occurs because the code performs division based on a dimension value that users can control.
TensorFlow, an open-source machine learning platform, has a vulnerability in the `tf.raw_ops.QuantizeAndDequantizeV3` function where an attacker can read data outside the bounds of a heap allocated buffer (memory region used for dynamic storage) by exploiting an unvalidated `axis` attribute. The code fails to check the user-supplied `axis` value before using it to access array elements, potentially allowing unauthorized data access.
TensorFlow, an open-source machine learning platform, has a vulnerability where an attacker can crash the program by passing an empty tensor (a multi-dimensional array of numbers) as the `num_segments` argument to the `UnsortedSegmentJoin` operation. The code assumes this input will always be a valid scalar (a single number), so when it's empty, a safety check fails and terminates the process, causing a denial of service (making the system unavailable).
TensorFlow, a platform for building machine learning models, has a bug in its `MatrixTriangularSolve` function (a tool for solving certain types of math problems) where the program fails to stop running if a validation check (a safety test) fails. This could cause the system to hang or consume resources indefinitely.
TensorFlow has a vulnerability in the `FractionalAvgPool` operation where an attacker can provide specially crafted input values to cause a division by zero error (a crash caused by dividing by zero), leading to denial of service (making the system unavailable). The bug happens because user-controlled values aren't properly validated before being used in mathematical operations, allowing the computed output size to become zero.
TensorFlow, a machine learning platform, has a vulnerability where an attacker can cause a division by zero error (attempting to divide by zero, which crashes a program) in a specific operation called `tf.raw_ops.QuantizedBatchNormWithGlobalNormalization`. The bug happens because the code performs a modulo operation (finding the remainder after division) without checking if the divisor is zero first, and an attacker can craft input shapes to make this divisor equal zero.
TensorFlow, an open source machine learning platform, has a vulnerability where attackers can trigger a division by zero error (attempting to divide a number by zero, which crashes a program) in a specific operation, causing the service to become unavailable. The bug exists because the code doesn't properly check all the requirements that should be enforced before running the operation.
Fix: The fix will be included in TensorFlow 2.5.0. The vulnerability will also be patched in TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.
NVD/CVE Database
Fix: The fix will be included in TensorFlow 2.5.0. The fix will also be applied to TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.
NVD/CVE Database
Fix: The fix will be included in TensorFlow 2.5.0. It will also be backported (ported to earlier versions) to TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.
NVD/CVE Database
Fix: The fix will be included in TensorFlow 2.5.0. The vulnerability will also be patched in earlier supported versions: TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.
NVD/CVE Database
Fix: The fix will be included in TensorFlow 2.5.0. The vulnerability will also be patched in earlier versions: TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.
NVD/CVE Database
Fix: Update TensorFlow to version 2.5.0 or later. If you are using an older supported version, apply the patch available in TensorFlow 2.4.2, 2.3.3, 2.2.3, or 2.1.4, as these versions also received the fix through a cherrypick commit (the specific fix is available at https://github.com/tensorflow/tensorflow/commit/1c56f53be0b722ca657cbc7df461ed676c8642a2).
NVD/CVE Database
Fix: The fix is included in TensorFlow 2.5.0. The vulnerability is also patched in TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4 through cherry-picked commits (applying specific fixes to older supported versions).
NVD/CVE Database
Fix: The fix will be included in TensorFlow 2.5.0. Additionally, the commit fixing this issue will be cherry-picked (applied as a backport) to TensorFlow 2.4.2, 2.3.3, 2.2.3, and 2.1.4, which are all affected and still in the supported range.
NVD/CVE Database
Fix: The fix will be included in TensorFlow 2.5.0. The fix will also be backported to TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.
NVD/CVE Database
Fix: The fix will be included in TensorFlow 2.5.0. The vulnerability will also be patched in TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.
NVD/CVE Database
Fix: Update to TensorFlow 2.5.0 or later. If you cannot upgrade to 2.5.0, the fix will also be available in TensorFlow 2.4.2, 2.3.3, 2.2.3, or 2.1.4, depending on which version you currently use.
NVD/CVE Database
Fix: The fix will be included in TensorFlow 2.5.0. The patch will also be applied to TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.
NVD/CVE Database
Fix: The fix will be included in TensorFlow 2.5.0. The fix will also be cherrypicked (backported to older versions) on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.
NVD/CVE Database
Fix: The fix will be included in TensorFlow 2.5.0. The vulnerability will also be patched in TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.
NVD/CVE Database
Fix: The fix will be included in TensorFlow 2.5.0. Additionally, the fix will be backported (applied to older versions still being supported) to TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.
NVD/CVE Database
Fix: The fix will be included in TensorFlow 2.5.0. The developers will also apply this fix to TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.
NVD/CVE Database
Fix: The fix will be included in TensorFlow 2.5.0 and will be cherry-picked (back-ported) to TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.
NVD/CVE Database
Fix: The fix will be included in TensorFlow 2.5.0. The fix will also be backported (applied to older versions still being supported) to TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.
NVD/CVE Database
Fix: The fix will be included in TensorFlow 2.5.0. The vulnerability will also be patched in TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.
NVD/CVE Database