AI & LLM Vulnerabilities

TensorFlow, an open source platform for machine learning, has a vulnerability in a specific function called `tf.raw_ops.MaxPool3DGradGrad` that can cause a heap buffer overflow (a type of memory corruption where data overflows into adjacent memory). The problem occurs because the code doesn't properly check whether initialization completes successfully, leaving data in an invalid state.

A bug in TensorFlow (an open-source machine learning platform) in the `tf.raw_ops.ReverseSequence` function fails to check if input arguments are valid, allowing attackers to cause a denial of service (making the system crash or stop responding) through stack overflow (when a program uses too much memory on the call stack) or CHECK-failure (when an internal safety check fails). The vulnerability affects multiple recent versions of TensorFlow.

TensorFlow, an open-source machine learning platform, has a vulnerability in the `tf.raw_ops.MaxPool3DGradGrad` function where it doesn't check if input tensors (data structures that hold multi-dimensional arrays) are empty before accessing their contents. An attacker can provide empty tensors to cause a null pointer dereference (trying to access memory that doesn't exist), crashing the program or potentially executing malicious code.

TensorFlow, an open-source platform for machine learning, has a vulnerability in the `tf.raw_ops.MaxPoolGradWithArgmax` function where it divides by a batch dimension (a count of data samples) without first checking that the number is not zero. This can cause a division by zero error, which crashes the program or causes unexpected behavior.

TensorFlow, a machine learning platform, has a bug in the `tf.raw_ops.SdcaOptimizer` function where it crashes when given invalid input because it tries to access memory that doesn't exist (null pointer dereference, which is undefined behavior in programming). The code doesn't check that user inputs meet the function's requirements before processing them.

A vulnerability in TensorFlow (an open source machine learning platform) called CVE-2021-29570 affects the `tf.raw_ops.MaxPoolGradWithArgmax` function, which can read outside the bounds of allocated memory (a heap overflow) if an attacker provides specially designed inputs. The bug occurs because the code uses the same value to look up data in two different arrays without checking that both arrays are the same size.

TensorFlow, an open-source machine learning platform, has a vulnerability in the `tf.raw_ops.MaxPoolGradWithArgmax` function where specially crafted inputs can cause the program to read memory outside the bounds of allocated heap memory (a memory safety violation). The bug occurs because the code assumes input tensors contain at least one element, but if they're empty, accessing even the first element reads invalid memory.

TensorFlow, an open-source machine learning platform, has a vulnerability in the `ParameterizedTruncatedNormal` function where attackers can cause undefined behavior (unpredictable program crashes or corruption) by passing an empty array as input, because the code doesn't check if the input is valid before trying to access its first element. This flaw affects multiple versions of the software.

TensorFlow, an open-source machine learning platform, has a vulnerability in the `tf.raw_ops.SparseDenseCwiseMul` function that lacks proper validation of input dimensions. An attacker can exploit this to cause denial of service (program crashes through failed checks) or write to memory locations outside the bounds of allocated buffers (heap overflow, unintended memory access).

TensorFlow, a machine learning platform, has a vulnerability where attackers can write data outside the allocated memory bounds (a heap buffer overflow) by sending invalid arguments to a specific function called `tf.raw_ops.Dilation2DBackpropInput`. The bug exists because the code doesn't properly check input values before writing to memory arrays.

TensorFlow, an open-source machine learning platform, has a vulnerability (CVE-2021-29565) where a null pointer dereference (a crash caused by the program trying to use memory it shouldn't access) can occur in the `tf.raw_ops.SparseFillEmptyRows` function if an attacker provides an empty `dense_shape` tensor due to missing validation checks. This flaw affects multiple versions of TensorFlow and could allow an attacker to crash the program.

TensorFlow, a machine learning platform, has a vulnerability in its EditDistance function where attackers can cause a null pointer dereference (a crash caused by accessing memory that doesn't exist) by sending specially crafted input parameters that don't get validated properly. The vulnerability allows attackers to potentially crash or disrupt TensorFlow applications.

TensorFlow (an open source platform for machine learning) has a vulnerability where an attacker can crash the program by sending empty data to the RFFT function (a mathematical operation for transforming signals). The crash happens because the underlying code (Eigen, a math library) fails an assertion (a safety check) when it tries to process an empty matrix (a grid of numbers with no values).

TensorFlow (an open-source machine learning platform) has a vulnerability where an attacker can cause a denial of service (making a service unavailable) by triggering a CHECK-failure in the `tf.raw_ops.IRFFT` function, which is part of TensorFlow's low-level operations. This happens because of a reachable assertion (a check in the code that can be deliberately violated).

CVE-2021-29561 is a vulnerability in TensorFlow (an open source machine learning platform) where an attacker can crash a program by sending an invalid tensor (a multi-dimensional array of numbers) to the `LoadAndRemapMatrix` function instead of the expected scalar value (a single number). This causes a validation check to fail and terminates the process, creating a denial of service attack (making the system unavailable).

TensorFlow, a machine learning platform, has a vulnerability where an attacker can cause a heap buffer overflow (memory corruption from writing past allocated memory limits) in the RaggedTensorToTensor function by providing specially crafted input shapes. The bug occurs because the code uses the same index to access two different arrays, and if one array is shorter than the other, it reads or writes to invalid memory locations.

TensorFlow, an open-source machine learning platform, has a vulnerability in the `tf.raw_ops.UnicodeEncode` function that allows attackers to read data outside the bounds of a heap allocated array (memory that a program has requested to store data). The problem occurs because the code assumes the input data describes a valid sparse tensor (a matrix with mostly empty values) without properly validating it first.

TensorFlow, a machine learning platform, has a vulnerability where an attacker can cause a heap buffer overflow (a memory safety error where data is written outside its allocated space) in the `tf.raw_ops.SparseSplit` function by controlling an offset value that accesses an array.

TensorFlow (an open-source machine learning platform) has a vulnerability where an attacker can crash a system by triggering a divide-by-zero error (FPE, or floating-point exception) in a specific operation called `tf.raw_ops.SparseMatMul` when given an empty tensor (a multidimensional array with no data). This causes a denial of service attack (making the system unavailable to legitimate users).