aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Maintained by

Truong (Jack) Luu

Information Systems Researcher

AI & LLM Vulnerabilities

Security vulnerabilities, privacy incidents, safety concerns, and policy updates affecting LLMs and AI agents.

1512 items

CVE-2021-29556: TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a F

low
vulnerability
security
May 14, 2021
CVE-2021-29556

TensorFlow, an open source machine learning platform, has a vulnerability where an attacker can cause a denial of service (making a service unavailable) by triggering an FPE (floating-point exception, a math error that crashes a program) runtime error in a specific function called `tf.raw_ops.Reverse`. The bug happens because the code divides by the first dimension of a tensor (a multi-dimensional array of numbers) without properly checking if that dimension is zero.

Fix: The fix will be included in TensorFlow 2.5.0. The patch will also be applied to TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.

NVD/CVE Database

CVE-2021-29555: TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a F

low
vulnerability
security
May 14, 2021
CVE-2021-29555

TensorFlow is a machine learning platform that has a vulnerability in its `tf.raw_ops.FusedBatchNorm` operation, which can be exploited by an attacker to cause a denial of service (making the system unavailable) through an FPE runtime error (a math operation that crashes when dividing by zero). The problem occurs because the code performs division based on a dimension value that users can control.

CVE-2021-29553: TensorFlow is an end-to-end open source platform for machine learning. An attacker can read data outside of bounds of he

low
vulnerability
security
May 14, 2021
CVE-2021-29553

TensorFlow, an open-source machine learning platform, has a vulnerability in the `tf.raw_ops.QuantizeAndDequantizeV3` function where an attacker can read data outside the bounds of a heap-allocated buffer (memory region used for dynamic storage) by exploiting an unvalidated `axis` attribute. The code fails to check the user-supplied `axis` value before using it to access array elements, potentially allowing unauthorized data access.

CVE-2021-29552: TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service by cont

low
vulnerability
security
May 14, 2021
CVE-2021-29552

TensorFlow, an open-source machine learning platform, has a vulnerability where an attacker can crash the program by passing an empty tensor (a multi-dimensional array of numbers) as the `num_segments` argument to the `UnsortedSegmentJoin` operation. The code assumes this input will always be a valid scalar (a single number), so when it's empty, a safety check fails and terminates the process, causing a denial of service (making the system unavailable).

CVE-2021-29551: TensorFlow is an end-to-end open source platform for machine learning. The implementation of `MatrixTriangularSolve`(htt

low
vulnerability
security
May 14, 2021
CVE-2021-29551

TensorFlow, a platform for building machine learning models, has a bug in its `MatrixTriangularSolve` function (a tool for solving certain types of math problems) where the program fails to stop running if a validation check (a safety test) fails. This could cause the system to hang or consume resources indefinitely.

CVE-2021-29550: TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a runtime division by zero

low
vulnerability
security
May 14, 2021
CVE-2021-29550

TensorFlow has a vulnerability in the `FractionalAvgPool` operation where an attacker can provide specially crafted input values to cause a division by zero error (a crash caused by dividing by zero), leading to denial of service (making the system unavailable). The bug happens because user-controlled values aren't properly validated before being used in mathematical operations, allowing the computed output size to become zero.

CVE-2021-29549: TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a runtime division by zero

low
vulnerability
security
May 14, 2021
CVE-2021-29549

TensorFlow, a machine learning platform, has a vulnerability where an attacker can cause a division by zero error (attempting to divide by zero, which crashes a program) in a specific operation called `tf.raw_ops.QuantizedBatchNormWithGlobalNormalization`. The bug happens because the code performs a modulo operation (finding the remainder after division) without checking if the divisor is zero first, and an attacker can craft input shapes to make this divisor equal zero.

CVE-2021-29548: TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a runtime division by zero

low
vulnerability
security
May 14, 2021
CVE-2021-29548

TensorFlow, an open source machine learning platform, has a vulnerability where attackers can trigger a division by zero error (attempting to divide a number by zero, which crashes a program) in a specific operation, causing the service to become unavailable. The bug exists because the code doesn't properly check all the requirements that should be enforced before running the operation.

CVE-2021-29547: TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a segfault and denial of se

low
vulnerability
security
May 14, 2021
CVE-2021-29547

TensorFlow, an open source machine learning platform, has a vulnerability in a specific operation called `tf.raw_ops.QuantizedBatchNormWithGlobalNormalization` that allows attackers to crash the system by accessing memory outside intended bounds. The bug occurs when the operation receives empty inputs, causing it to try to read from an invalid memory location.

CVE-2021-29546: TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger an integer division by ze

low
vulnerability
security
May 14, 2021
CVE-2021-29546

TensorFlow, an open source platform for machine learning, has a vulnerability where an attacker can cause an integer division by zero (a crash caused by dividing by zero) in the `tf.raw_ops.QuantizedBiasAdd` function. The bug occurs because the code divides by the number of elements in an input without first checking that this number is not zero.

CVE-2021-29545: TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a

low
vulnerability
security
May 14, 2021
CVE-2021-29545

TensorFlow, a machine learning platform, has a vulnerability where an attacker can cause a denial of service (making the system crash or stop responding) by triggering a failed safety check when converting sparse tensors (data structures with mostly empty values) to CSR sparse matrices. The bug happens because the code tries to access memory locations that are outside the bounds of allocated space, which can corrupt data.

CVE-2021-29544: TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a

low
vulnerability
security
May 14, 2021
CVE-2021-29544

TensorFlow has a vulnerability where an attacker can crash the system (a denial of service, or DoS attack) by sending specially crafted data to a specific function called `tf.raw_ops.QuantizeAndDequantizeV4Grad`. The bug happens because the function doesn't check that its input data (called tensors, which are multi-dimensional arrays) has the correct structure, causing the program to fail when it tries to process them.

CVE-2021-29543: TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a

low
vulnerability
security
May 14, 2021
CVE-2021-29543

TensorFlow, an open-source machine learning platform, has a vulnerability in its CTCGreedyDecoder function that allows attackers to crash the program through a denial of service attack (an attack that makes a service unavailable). The problem occurs because the code uses a CHECK statement that aborts the program instead of handling invalid input properly.

CVE-2021-29542: TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow by p

low
vulnerability
security
May 14, 2021
CVE-2021-29542

TensorFlow, a machine learning platform, has a vulnerability where attackers can cause a heap buffer overflow (a memory safety error where data is written beyond allocated memory) by sending specially crafted inputs to the `tf.raw_ops.StringNGrams` function. The problem occurs because the code doesn't properly handle edge cases where input splitting results in only padding elements, potentially causing the program to read from invalid memory locations.

CVE-2021-29541: TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a dereference of a null p

low
vulnerability
security
May 14, 2021
CVE-2021-29541

A vulnerability in TensorFlow (a platform for building machine learning models) allows an attacker to cause a null pointer dereference (a crash caused by trying to access memory that doesn't exist) in the `tf.raw_ops.StringNGrams` function by providing invalid input that isn't properly checked. This happens because the code doesn't fully validate the `data_splits` argument before using it, potentially causing the program to crash when trying to write data.

CVE-2021-29540: TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow to o

low
vulnerability
security
May 14, 2021
CVE-2021-29540

TensorFlow, an open source platform for machine learning, has a vulnerability where an attacker can cause a heap buffer overflow (a memory corruption bug where data is written beyond the intended memory region) in the Conv2DBackpropFilter function. This happens because the code calculates the filter tensor size but doesn't check that it matches the actual number of elements, leading to memory safety issues when the code later reads or writes to this buffer.

CVE-2021-29539: TensorFlow is an end-to-end open source platform for machine learning. Calling `tf.raw_ops.ImmutableConst`(https://www.t

low
vulnerability
security
May 14, 2021
CVE-2021-29539

TensorFlow (an open source machine learning platform) has a bug where calling a specific function with certain data types causes a segfault (crash where the program tries to access invalid memory). The function assumes the data will be simple scalars (single values), but fails when given more complex data types like `tf.resource` or `tf.variant`.

CVE-2021-29538: TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a division by zero to occur

low
vulnerability
security
May 14, 2021
CVE-2021-29538

TensorFlow, a machine learning platform, has a vulnerability (CVE-2021-29538) where an attacker can cause a division by zero error in the Conv2DBackpropFilter function (a tool for training neural networks) by providing empty tensor shapes, which could crash the system. The bug occurs because the code calculates a divisor from user input without checking if it equals zero before dividing by it.

CVE-2021-29537: TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in `

low
vulnerability
security
May 14, 2021
CVE-2021-29537

TensorFlow, a machine learning platform, has a vulnerability where attackers can cause a heap buffer overflow (a memory safety error where data is written past the intended memory boundaries) in the `QuantizedResizeBilinear` function by providing invalid threshold values for quantization (the process of reducing data precision). The bug occurs because the code assumes these inputs are always valid numbers and doesn't properly check them before using them.

CVE-2021-29536: TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in `

low
vulnerability
security
May 14, 2021
CVE-2021-29536

TensorFlow, a machine learning platform, has a heap buffer overflow vulnerability (a memory safety bug where code writes beyond allocated memory) in the `QuantizedReshape` function. The vulnerability occurs when an attacker passes empty tensors (multi-dimensional arrays) as threshold inputs, causing the code to incorrectly access memory at position 0 of an empty buffer.


Fix (CVE-2021-29555): The fix will be included in TensorFlow 2.5.0. The fix will also be cherry-picked (backported to older versions) to TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.

NVD/CVE Database

Fix (CVE-2021-29553): The fix will be included in TensorFlow 2.5.0. The vulnerability will also be patched in TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.

NVD/CVE Database

Fix (CVE-2021-29552): The fix will be included in TensorFlow 2.5.0. Additionally, the fix will be backported (applied to older versions still being supported) to TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.

NVD/CVE Database

Fix (CVE-2021-29551): The fix will be included in TensorFlow 2.5.0. The developers will also apply this fix to TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.

NVD/CVE Database

Fix (CVE-2021-29550): The fix will be included in TensorFlow 2.5.0 and will be cherry-picked (backported) to TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.

NVD/CVE Database

Fix (CVE-2021-29549): The fix will be included in TensorFlow 2.5.0. The fix will also be backported (applied to older versions still being supported) to TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.

NVD/CVE Database

Fix (CVE-2021-29548): The fix will be included in TensorFlow 2.5.0. The vulnerability will also be patched in TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.

NVD/CVE Database

Fix (CVE-2021-29547): The fix will be included in TensorFlow 2.5.0. Additionally, the fix will be backported (applied to older versions) to TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.

NVD/CVE Database

Fix (CVE-2021-29546): The fix will be included in TensorFlow 2.5.0. It will also be backported (applied to older versions) to TensorFlow 2.4.2, 2.3.3, 2.2.3, and 2.1.4.

NVD/CVE Database

Fix (CVE-2021-29545): The fix will be included in TensorFlow 2.5.0. It will also be backported (applied to older versions still being supported) to TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.

NVD/CVE Database

Fix (CVE-2021-29544): The fix will be included in TensorFlow 2.5.0. The fix will also be applied to TensorFlow 2.4.2, which is the only other affected version.

NVD/CVE Database

Fix (CVE-2021-29543): The fix will be included in TensorFlow 2.5.0. The vulnerability will also be patched in earlier versions: TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.

NVD/CVE Database

Fix (CVE-2021-29542): The fix will be included in TensorFlow 2.5.0. The vulnerability will also be patched in TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.

NVD/CVE Database

Fix (CVE-2021-29541): The fix will be included in TensorFlow 2.5.0. It will also be backported (applied to older versions still being supported) to TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.

NVD/CVE Database

Fix (CVE-2021-29540): The fix will be included in TensorFlow 2.5.0. It will also be backported to TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.

NVD/CVE Database

Fix (CVE-2021-29539): The issue is patched in commit 4f663d4b8f0bec1b48da6fa091a7d29609980fa4 and will be released in TensorFlow 2.5.0. TensorFlow nightly packages after this commit will also have the fix. As a workaround, users can prevent the segfault by inserting a filter for the `dtype` argument when using `tf.raw_ops.ImmutableConst`.

NVD/CVE Database

Fix (CVE-2021-29538): The fix will be included in TensorFlow 2.5.0. The vulnerability will also be patched in TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.

NVD/CVE Database

Fix (CVE-2021-29537): The fix will be included in TensorFlow 2.5.0 and will be backported (ported to earlier versions) to TensorFlow 2.4.2, 2.3.3, 2.2.3, and 2.1.4.

NVD/CVE Database

Fix (CVE-2021-29536): The fix will be included in TensorFlow 2.5.0. The vulnerability will also be patched in TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.

NVD/CVE Database