aisecwatch.com
DashboardVulnerabilitiesNewsResearchArchiveStatsDatasetFor devs
Subscribe
aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Navigation

VulnerabilitiesNewsResearchDigest ArchiveNewsletter ArchiveSubscribeData SourcesStatisticsDatasetAPIIntegrationsWidgetRSS Feed

Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

to
Export CSV
6609 items

CVE-2022-23590: Tensorflow is an Open Source Machine Learning Framework. A `GraphDef` from a TensorFlow `SavedModel` can be maliciously

mediumvulnerability
security
Feb 4, 2022
CVE-2022-23590

TensorFlow (an open source machine learning framework) has a vulnerability where a maliciously altered GraphDef (a representation of a machine learning model's computation graph) from a SavedModel can crash a TensorFlow process by forcing extraction of a value from a StatusOr (a data structure that holds either a valid result or an error state). The issue affects both TensorFlow 2.7 and 2.8 versions.

Fix: The issue has been patched in TensorFlow 2.8.0 and TensorFlow 2.7.1. Users should upgrade to these versions or later.

NVD/CVE Database

CVE-2022-23589: Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow can t

mediumvulnerability
security
Feb 4, 2022
CVE-2022-23589

TensorFlow, a machine learning framework, has a vulnerability (CVE-2022-23589) in its Grappler component (a graph optimization tool) that can cause a null pointer dereference (crash from accessing invalid memory) when processing maliciously altered SavedModel files (serialized machine learning models). The bug occurs in two places during optimization operations and can be triggered by missing required nodes in the computation graph.

CVE-2022-23588: Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `S

mediumvulnerability
security
Feb 4, 2022
CVE-2022-23588

A malicious user can crash TensorFlow (an open source machine learning framework) by modifying a SavedModel (a pre-trained model file) in a way that tricks the Grappler optimizer (a tool that improves model performance) into building a tensor with an invalid reference dtype (data type), causing the program to fail.

CVE-2022-23587: Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow is vu

highvulnerability
security
Feb 4, 2022
CVE-2022-23587

TensorFlow, an open-source machine learning framework, has a vulnerability in its Grappler component (a tool that optimizes computational graphs) that causes an integer overflow (when a number becomes too large to store) during cost estimation for crop and resize operations. Since attackers can control the cropping parameters, they can trigger undefined behavior (unpredictable actions that may crash the system or cause other problems).

CVE-2022-23586: Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `S

mediumvulnerability
security
Feb 4, 2022
CVE-2022-23586

A vulnerability in TensorFlow (an open-source machine learning framework) allows an attacker to cause a denial of service by modifying a SavedModel (a packaged version of a trained model) in a way that triggers false assertions in the code and crashes the Python interpreter. This vulnerability affects multiple versions of TensorFlow.

CVE-2022-23585: Tensorflow is an Open Source Machine Learning Framework. When decoding PNG images TensorFlow can produce a memory leak i

mediumvulnerability
security
Feb 4, 2022
CVE-2022-23585

TensorFlow, an open-source machine learning framework, has a memory leak (unused memory that is not freed) when decoding invalid PNG image files. The problem occurs because error-handling code exits the function early without properly freeing allocated buffers (chunks of memory that were set aside for use).

CVE-2022-23584: Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a use after free behavior when decod

highvulnerability
security
Feb 4, 2022
CVE-2022-23584

TensorFlow (an open-source machine learning framework) has a vulnerability where a malicious user can trigger a use after free bug (accessing memory that has already been freed) when decoding PNG images. The problem occurs because after a memory cleanup function is called, the width and height values are left in an unpredictable state.

CVE-2022-23583: Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `S

mediumvulnerability
security
Feb 4, 2022
CVE-2022-23583

A vulnerability in TensorFlow (an open-source machine learning framework) allows a malicious user to cause a denial of service (making a service unavailable) by modifying a SavedModel (a format for storing trained models) so that binary operations receive corrupted data due to type confusion (using data as if it were a different type than it actually is). This type mismatch between expected and actual data types can cause the program to crash.

CVE-2022-23582: Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `S

mediumvulnerability
security
Feb 4, 2022
CVE-2022-23582

A vulnerability in TensorFlow (an open-source machine learning framework) allows attackers to cause a denial of service (making a service unavailable) by modifying a SavedModel (a serialized TensorFlow model) so that the TensorByteSize function crashes. The problem occurs because the TensorShape constructor crashes when it encounters partial shapes (incomplete dimension information) or very large numbers, instead of gracefully handling them like PartialTensorShape does.

CVE-2022-23581: Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a den

mediumvulnerability
security
Feb 4, 2022
CVE-2022-23581

A vulnerability in TensorFlow (an open source machine learning framework) exists in the Grappler optimizer, which can be exploited to cause a denial of service (making a system unavailable by overloading it) by modifying a SavedModel file so that a function called IsSimplifiableReshape triggers CHECK failures (unexpected error conditions that crash the program).

CVE-2022-23580: Tensorflow is an Open Source Machine Learning Framework. During shape inference, TensorFlow can allocate a large vector

mediumvulnerability
security
Feb 4, 2022
CVE-2022-23580

TensorFlow, an open-source machine learning framework, has a vulnerability in its shape inference process where it can allocate a large vector based on user-controlled input, potentially causing uncontrolled resource consumption (using excessive memory or CPU). This happens because the system doesn't properly validate the size of data requested by users.

CVE-2022-23579: Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a den

mediumvulnerability
security
Feb 4, 2022
CVE-2022-23579

TensorFlow (an open source machine learning framework) has a vulnerability in its Grappler optimizer (a tool that improves how machine learning models run) that allows attackers to cause a denial of service (making the system stop working) by modifying a SavedModel (a saved machine learning model) in a way that triggers crashes. This vulnerability affects multiple versions of TensorFlow.

CVE-2022-23578: Tensorflow is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the i

mediumvulnerability
security
Feb 4, 2022
CVE-2022-23578

TensorFlow (an open-source machine learning framework) has a memory leak bug in a function called `ImmutableExecutorState::Initialize`. When a graph node (a processing unit in a machine learning model) is invalid, the software sets a pointer (a reference to a location in memory) to null without freeing the memory it previously pointed to, causing that memory to be wasted and unavailable for other tasks.

CVE-2022-23577: Tensorflow is an Open Source Machine Learning Framework. The implementation of `GetInitOp` is vulnerable to a crash caus

mediumvulnerability
security
Feb 4, 2022
CVE-2022-23577

TensorFlow, an open source machine learning framework, has a vulnerability in the `GetInitOp` function that can crash the software through a null pointer dereference (accessing memory that doesn't exist). The vulnerability affects multiple versions of TensorFlow.

CVE-2022-23576: Tensorflow is an Open Source Machine Learning Framework. The implementation of `OpLevelCostEstimator::CalculateOutputSiz

mediumvulnerability
security
Feb 4, 2022
CVE-2022-23576

TensorFlow (an open-source machine learning framework) has a vulnerability in its `OpLevelCostEstimator::CalculateOutputSize` function where an integer overflow (when a calculation produces a number too large for the system to handle) can occur if an attacker creates an operation with tensors (multi-dimensional arrays of numbers) containing enough elements. The vulnerability can be triggered either by using many dimensions or by making individual dimensions large enough to cause the overflow.

CVE-2022-23575: Tensorflow is an Open Source Machine Learning Framework. The implementation of `OpLevelCostEstimator::CalculateTensorSiz

mediumvulnerability
security
Feb 4, 2022
CVE-2022-23575

TensorFlow, an open-source machine learning framework, has a vulnerability in its `OpLevelCostEstimator::CalculateTensorSize` function that can be exploited through integer overflow (a type of bug where numbers become too large for the program to handle correctly). An attacker could trigger this by creating an operation with a tensor (a multi-dimensional array of data) containing an extremely large number of elements.

CVE-2022-23574: Tensorflow is an Open Source Machine Learning Framework. There is a typo in TensorFlow's `SpecializeType` which results

highvulnerability
security
Feb 4, 2022
CVE-2022-23574

TensorFlow, an open-source machine learning framework, has a typo in its `SpecializeType` code that causes a heap OOB (out-of-bounds, where the program tries to read or write memory outside the area it's allowed to access) read/write vulnerability. Due to the typo, a variable called `arg` uses the wrong loop index, which allows code to read and modify data outside the intended memory bounds.

CVE-2022-23573: Tensorflow is an Open Source Machine Learning Framework. The implementation of `AssignOp` can result in copying uninitia

highvulnerability
security
Feb 4, 2022
CVE-2022-23573

TensorFlow's `AssignOp` (a copy operation in machine learning code) has a bug where it can copy uninitialized data (memory with random or leftover values) to a new tensor, causing unpredictable behavior. The code only checks that the destination is ready, but not the source, leaving room for uninitialized data to be used.

CVE-2022-23572: Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a ty

mediumvulnerability
security
Feb 4, 2022
CVE-2022-23572

TensorFlow (an open source machine learning framework) has a bug where it sometimes fails to determine data types correctly during shape inference (the process of figuring out what dimensions data will have). The bug is hidden in production builds because assertion checks are disabled, causing the program to crash when it tries to use an error result as if it were valid data.

CVE-2022-23571: Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, a TensorFlow process can

mediumvulnerability
security
Feb 4, 2022
CVE-2022-23571

TensorFlow (an open source machine learning framework) has a vulnerability where attackers can crash TensorFlow processes by sending specially crafted data with invalid tensor types or shapes during decoding from protobuf (a data format used to serialize structured data). This is a denial of service attack, meaning the attacker can make the system stop working rather than gain unauthorized access.

Previous301 / 331Next

Fix: The fix will be included in TensorFlow 2.8.0. The patch will also be backported to TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3.

NVD/CVE Database

Fix: The fix will be included in TensorFlow 2.8.0. The fix will also be applied to TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3.

NVD/CVE Database

Fix: The fix will be included in TensorFlow 2.8.0. This commit will also be applied to TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these versions are still supported.

NVD/CVE Database

Fix: Update to TensorFlow 2.8.0, or apply the fix through updates to TensorFlow 2.7.1, TensorFlow 2.6.3, or TensorFlow 2.5.3. Patches are available in the following commits: 3d89911481ba6ebe8c88c1c0b595412121e6c645 and dcc21c7bc972b10b6fb95c2fb0f4ab5a59680ec2.

NVD/CVE Database

Fix: The fix will be included in TensorFlow 2.8.0. The fix will also be applied to TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3.

NVD/CVE Database

Fix: Update to TensorFlow 2.8.0 or apply patches to the following supported versions: TensorFlow 2.7.1, TensorFlow 2.6.3, or TensorFlow 2.5.3. These versions contain the fix for this vulnerability.

NVD/CVE Database

Fix: The fix will be included in TensorFlow 2.8.0. The fix will also be backported (adapted for older versions) to TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3.

NVD/CVE Database

Fix: The fix will be included in TensorFlow 2.8.0. Additionally, the patch will be backported (applied to earlier versions still receiving support) to TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3.

NVD/CVE Database

Fix: The fix will be included in TensorFlow 2.8.0. Patches will also be cherry-picked (backported to earlier versions) for TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, which are still in the supported range.

NVD/CVE Database

Fix: The fix will be included in TensorFlow 2.8.0. The vulnerability is also being patched in TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, which are still in the supported range.

NVD/CVE Database

Fix: The fix will be included in TensorFlow 2.8.0. TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3 will also receive the fix through a cherrypick (applying the same fix to older supported versions).

NVD/CVE Database

Fix: The fix will be included in TensorFlow 2.8.0. The fix will also be backported (applied to older versions still being supported) to TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3.

NVD/CVE Database

Fix: The fix will be included in TensorFlow 2.8.0. TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3 will also receive this fix through a cherrypick (applying the same code change to older supported versions).

NVD/CVE Database

Fix: The fix will be included in TensorFlow 2.8.0. The fix will also be applied to TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3.

NVD/CVE Database

Fix: The fix will be included in TensorFlow 2.8.0. The vulnerability will also be patched in TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, which are still in the supported range.

NVD/CVE Database

Fix: The fix will be included in TensorFlow 2.8.0. The commit will also be cherry-picked (applied to older versions) on TensorFlow 2.7.1 and TensorFlow 2.6.3.

NVD/CVE Database

Fix: Update to TensorFlow 2.8.0. If you cannot upgrade immediately, apply backported fixes available in TensorFlow 2.7.1, TensorFlow 2.6.3, or TensorFlow 2.5.3, which are still supported versions.

NVD/CVE Database

Fix: The fix will be included in TensorFlow 2.8.0. The fix will also be applied to TensorFlow 2.7.1 and TensorFlow 2.6.3, which are still in the supported range.

NVD/CVE Database

Fix: The fix will be included in TensorFlow 2.8.0. The vulnerability will also be patched in TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3.

NVD/CVE Database