aisecwatch.com
DashboardVulnerabilitiesNewsResearchArchiveStatsDatasetFor devs
Subscribe
aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Navigation

VulnerabilitiesNewsResearchDigest ArchiveNewsletter ArchiveSubscribeData SourcesStatisticsDatasetAPIIntegrationsWidgetRSS Feed

Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

to
Export CSV
6609 items

CVE-2022-23570: Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, TensorFlow might do a nul

mediumvulnerability
security
Feb 4, 2022
CVE-2022-23570

TensorFlow, an open-source machine learning framework, has a bug where it can crash or behave unpredictably when decoding certain data structures (protobuf, a format for storing structured data) if some required information is missing. The problem occurs because the code only checks for this issue in debug builds (test versions), not in production builds (versions used in real applications), so real users may experience crashes or undefined behavior.

Fix: The fix will be included in TensorFlow 2.8.0. TensorFlow 2.7.1 and TensorFlow 2.6.3 will also receive this fix through a cherrypick (backporting the fix to older supported versions).

NVD/CVE Database

CVE-2022-23566: Tensorflow is an Open Source Machine Learning Framework. TensorFlow is vulnerable to a heap OOB write in `Grappler`. The

highvulnerability
security
Feb 4, 2022
CVE-2022-23566

TensorFlow, an open-source machine learning framework, has a vulnerability in its Grappler component where the `set_output` function can write data to an array at any index specified by an attacker, creating a heap OOB write (out-of-bounds write, where data is written to memory locations it shouldn't access). This gives a malicious user the ability to write arbitrary data to unintended memory locations.

CVE-2022-23565: Tensorflow is an Open Source Machine Learning Framework. An attacker can trigger denial of service via assertion failure

mediumvulnerability
security
Feb 4, 2022
CVE-2022-23565

TensorFlow (an open-source machine learning framework) has a vulnerability where an attacker can crash the system by modifying a SavedModel file on disk to contain duplicate operation attributes, triggering an assertion failure (a built-in check that causes the program to stop if a condition is false). This is a denial of service attack (making a system unavailable to legitimate users).

CVE-2022-23564: Tensorflow is an Open Source Machine Learning Framework. When decoding a resource handle tensor from protobuf, a TensorF

mediumvulnerability
security
Feb 4, 2022
CVE-2022-23564

TensorFlow (an open source machine learning framework) has a vulnerability where attackers can crash TensorFlow processes by providing specially crafted input when the system converts protobuf (a data format) into resource handle tensors, because a validation check can be bypassed through user-controlled arguments.

CVE-2022-23563: Tensorflow is an Open Source Machine Learning Framework. In multiple places, TensorFlow uses `tempfile.mktemp` to create

highvulnerability
security
Feb 4, 2022
CVE-2022-23563

TensorFlow, an open-source machine learning framework, uses an unsafe function called `tempfile.mktemp` to create temporary files in multiple places. This creates a race condition vulnerability (TOC/TOU, a timing gap where another process can interfere between when the system checks if a filename exists and when it actually creates the file), which is especially dangerous in utility and library code rather than just testing code.

CVE-2022-23562: Tensorflow is an Open Source Machine Learning Framework. The implementation of `Range` suffers from integer overflows. T

highvulnerability
security
Feb 4, 2022
CVE-2022-23562

TensorFlow (an open-source framework for building machine learning models) has a vulnerability in its Range function where integer overflows (when numbers get too large and wrap around to incorrect values) can cause undefined behavior or extremely large memory allocations. This bug affects multiple versions of the software.

CVE-2022-23561: Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause a write o

highvulnerability
security
Feb 4, 2022
CVE-2022-23561

An attacker can create a malicious TFLite model (a compressed machine learning format for mobile devices) that writes data outside the boundaries of an array in TensorFlow, potentially overwriting the memory allocator's linked list (a data structure that tracks available memory) to achieve arbitrary write access to system memory. This vulnerability affects multiple versions of TensorFlow, an open-source framework for building AI systems.

CVE-2022-23560: Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would allow limited r

highvulnerability
security
Feb 4, 2022
CVE-2022-23560

TensorFlow, an open-source machine learning framework, has a vulnerability in TFLite (TensorFlow Lite, a lightweight version for mobile devices) where an attacker can create a specially crafted model that allows limited reads and writes outside of arrays by exploiting missing validation during conversion from sparse tensors (data structures with mostly empty values) to dense tensors (fully populated data structures). This vulnerability affects multiple versions of TensorFlow.

CVE-2022-23559: Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an intege

highvulnerability
security
Feb 4, 2022
CVE-2022-23559

TensorFlow (an open-source machine learning framework) has a vulnerability where an attacker can create a malicious TFLite model (a lightweight version of TensorFlow for mobile devices) that causes an integer overflow (when a number calculation exceeds the maximum value a computer can store) in embedding lookup operations. This overflow can sometimes lead to heap OOB read/write (accessing memory outside the intended boundaries), potentially allowing attackers to read or corrupt data.

CVE-2022-23558: Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an intege

highvulnerability
security
Feb 4, 2022
CVE-2022-23558

An attacker can create a malicious TFLite model (a lightweight version of TensorFlow used on mobile devices) that causes an integer overflow (where a number gets too large to fit in its storage space, wrapping around to a negative or small value) in TensorFlow's `TfLiteIntArrayCreate` function. The vulnerability happens because the code returns an `int` instead of a larger `size_t` datatype, allowing attackers to manipulate model inputs so the calculated size exceeds what an `int` can hold.

CVE-2022-23557: Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would trigger a divis

mediumvulnerability
security
Feb 4, 2022
CVE-2022-23557

TensorFlow, an open-source machine learning framework, has a vulnerability in its TFLite (TensorFlow Lite, a version optimized for mobile devices) model processor where an attacker can create a specially crafted model that causes a division by zero error (attempting to divide a number by zero, which crashes programs) in the `BiasAndClamp` function because the code doesn't check if `bias_size` is zero before using it.

CVE-2022-21741: Tensorflow is an Open Source Machine Learning Framework. ### Impact An attacker can craft a TFLite model that would trig

mediumvulnerability
security
Feb 3, 2022
CVE-2022-21741

A vulnerability in TensorFlow (an open-source machine learning framework) allows an attacker to create a malicious TFLite model (TensorFlow Lite, a lightweight version of TensorFlow) that causes a division by zero error in depthwise convolutions (a type of neural network operation). The bug occurs because the code divides by a user-controlled parameter without first checking that it is positive.

CVE-2022-21740: Tensorflow is an Open Source Machine Learning Framework. The implementation of `SparseCountSparseOutput` is vulnerable t

highvulnerability
security
Feb 3, 2022
CVE-2022-21740

TensorFlow, an open-source machine learning framework, has a vulnerability in its `SparseCountSparseOutput` function that allows a heap overflow (a type of memory corruption where a program writes data beyond allocated memory boundaries). The vulnerability affects multiple versions of TensorFlow.

CVE-2022-21739: Tensorflow is an Open Source Machine Learning Framework. The implementation of `QuantizedMaxPool` has an undefined behav

mediumvulnerability
security
Feb 3, 2022
CVE-2022-21739

TensorFlow (an open source machine learning framework) has a bug in its `QuantizedMaxPool` function where user-controlled inputs can trigger a null pointer dereference (a crash caused by the program trying to access memory that doesn't exist). The vulnerability allows attackers to potentially cause the program to crash or behave unpredictably.

CVE-2022-21738: Tensorflow is an Open Source Machine Learning Framework. The implementation of `SparseCountSparseOutput` can be made to

mediumvulnerability
security
Feb 3, 2022
CVE-2022-21738

TensorFlow, an open source machine learning framework, has a vulnerability in its `SparseCountSparseOutput` function where an integer overflow (a number becoming too large for its storage space) can crash the TensorFlow process during memory allocation. This vulnerability affects multiple versions of TensorFlow.

CVE-2022-21737: Tensorflow is an Open Source Machine Learning Framework. The implementation of `*Bincount` operations allows malicious u

mediumvulnerability
security
Feb 3, 2022
CVE-2022-21737

TensorFlow (an open-source machine learning framework) has a vulnerability in its Bincount operations that allows attackers to crash the system (denial of service) by sending specially crafted arguments that trigger internal safety checks to fail. The problem occurs because some invalid input conditions aren't caught early enough during the system's processing stages, leading to crashes when the system tries to allocate memory for output data.

CVE-2022-23569: Tensorflow is an Open Source Machine Learning Framework. Multiple operations in TensorFlow can be used to trigger a deni

mediumvulnerability
security
Feb 3, 2022
CVE-2022-23569

TensorFlow (an open-source machine learning framework) has a vulnerability where certain operations can crash the program through denial of service attacks (making it unavailable by triggering assertion failures, which are safety checks in code that stop execution if something goes wrong). The developers have fixed the issue and plan to release patches across multiple supported versions.

CVE-2022-21735: Tensorflow is an Open Source Machine Learning Framework. The implementation of `FractionalMaxPool` can be made to crash

mediumvulnerability
security
Feb 3, 2022
CVE-2022-21735

TensorFlow, an open-source machine learning framework, has a vulnerability in its `FractionalMaxPool` function (a pooling operation used in neural networks) that can crash the program through a division by zero error (attempting to divide a number by zero, which is mathematically undefined). The vulnerability affects multiple versions of TensorFlow.

CVE-2022-21734: Tensorflow is an Open Source Machine Learning Framework. The implementation of `MapStage` is vulnerable a `CHECK`-fail i

mediumvulnerability
security
Feb 3, 2022
CVE-2022-21734

TensorFlow, an open-source machine learning framework, has a vulnerability in its `MapStage` component where a CHECK-fail (a type of crash caused by a failed validation check) occurs if the key tensor (a multi-dimensional array of data) is not a scalar (a single value). This bug can cause the program to crash unexpectedly.

CVE-2022-21729: Tensorflow is an Open Source Machine Learning Framework. The implementation of `UnravelIndex` is vulnerable to a divisio

mediumvulnerability
security
Feb 3, 2022
CVE-2022-21729

TensorFlow, an open-source machine learning framework, has a vulnerability in its `UnravelIndex` function caused by an integer overflow bug (a situation where a number becomes too large for the system to handle correctly) that leads to division by zero. This flaw affects multiple versions of TensorFlow and could allow attackers to crash or disrupt the software.

Previous302 / 331Next

Fix: The fix will be included in TensorFlow 2.8.0. TensorFlow 2.7.1, 2.6.3, and 2.5.3 will also receive the fix via a cherry-pick (applying specific code changes to older versions), as these versions are still supported and also affected.

NVD/CVE Database

Fix: Update to TensorFlow 2.8.0 or apply the patch from the commit at https://github.com/tensorflow/tensorflow/commit/c2b31ff2d3151acb230edc3f5b1832d2c713a9e0. The fix will also be included in TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3.

NVD/CVE Database

Fix: Update to TensorFlow 2.8.0, or apply cherrypicked fixes available in TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3.

NVD/CVE Database

Fix: The source states: "We have patched the issue in several commits, replacing `mktemp` with the safer `mkstemp`/`mkdtemp` functions, according to the usage pattern. Users are advised to upgrade as soon as possible."

NVD/CVE Database

Fix: The fix will be included in TensorFlow 2.8.0. The vulnerability will also be patched in TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, which are still supported versions.

NVD/CVE Database

Fix: The fix will be included in TensorFlow 2.8.0. The same fix will also be cherry-picked (backported) to TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3.

NVD/CVE Database

Fix: Upgrade to TensorFlow 2.8.0. For users on earlier supported versions, patches are also available in TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3. Users are advised to upgrade as soon as possible.

NVD/CVE Database

Fix: Users are advised to upgrade to a patched version. Patches are available at: https://github.com/tensorflow/tensorflow/commit/1de49725a5fc4e48f1a3b902ec3599ee99283043, https://github.com/tensorflow/tensorflow/commit/a4e401da71458d253b05e41f28637b65baf64be4, and https://github.com/tensorflow/tensorflow/commit/f19be71717c497723ba0cea0379e84f061a75e01

NVD/CVE Database

Fix: The fix will be included in TensorFlow 2.8.0. It will also be backported (applied to older versions still receiving updates) to TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3.

NVD/CVE Database

Fix: The fix will be included in TensorFlow 2.8.0. The patch will also be applied to TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3.

NVD/CVE Database

Fix: The fix will be included in TensorFlow 2.8.0. It will also be cherry-picked (applied as a patch) to TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3.

NVD/CVE Database

Fix: The fix will be included in TensorFlow 2.8.0. Patches will also be cherry-picked (applied) to TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, which are still in the supported range.

NVD/CVE Database

Fix: The fix will be included in TensorFlow 2.8.0. The patch will also be backported to TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3. Users should update to one of these versions or later.

NVD/CVE Database

Fix: The fix will be included in TensorFlow 2.8.0. TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3 will also receive this fix through a cherry-pick (applying the same fix to older supported versions).

NVD/CVE Database

Fix: The fix will be included in TensorFlow 2.8.0. The fix will also be backported (applied to older versions) in TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3.

NVD/CVE Database

Fix: The fix will be included in TensorFlow 2.8.0. Patches will also be cherry-picked (applied retroactively) to TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3.

NVD/CVE Database

Fix: The fix will be included in TensorFlow 2.8.0. TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3 will also receive this fix through a cherrypick commit, as these versions are still supported.

NVD/CVE Database

Fix: The fix will be included in TensorFlow 2.8.0. The vulnerability will also be patched in TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, which are still in the supported range.

NVD/CVE Database

Fix: The fix will be included in TensorFlow 2.8.0. TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3 will also receive this fix through a cherrypick (applying a specific code change to older versions).

NVD/CVE Database