Security vulnerabilities, privacy incidents, safety concerns, and policy updates affecting LLMs and AI agents.
TensorFlow versions before 2.2.1 and 2.3.1 have a vulnerability in the `dlpack.to_dlpack` function where it can be tricked into using uninitialized memory (memory that hasn't been set to a known value), leading to further memory corruption. The problem occurs because the code assumes the input is a TensorFlow tensor, but an attacker can pass in a regular Python object instead, causing a faulty type conversion that accesses memory incorrectly.
Fix: Upgrade to TensorFlow version 2.2.1 or 2.3.1, where the issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8.
NVD/CVE DatabaseTensorFlow versions before 2.2.1 and 2.3.1 have a memory leak (wasted computer memory that isn't freed) when users pass a list of strings to a function called `dlpack.to_dlpack`. The bug happens because the code doesn't properly check for error conditions during validation, so it continues running even when it should stop and clean up.
TensorFlow versions before 2.2.1 and 2.3.1 have a bug where invalid arguments to `dlpack.to_dlpack` (a function that converts data between formats) cause the code to create null pointers (memory references that point to nothing) without properly checking for errors. This can lead to the program crashing or behaving unpredictably when it tries to use these invalid pointers.
TensorFlow versions before 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 have a bug in the `tf.raw_ops.Switch` operation where it tries to access a null pointer (a reference to nothing), causing the program to crash. The problem occurs because the operation outputs two tensors (data structures in machine learning frameworks) but only one is actually created, leaving the other as an undefined reference that shouldn't be accessed.
A vulnerability in Oracle Java SE's JAXP component (a tool for processing XML data) allows attackers to modify or delete data without authentication by sending malicious data through network protocols. The flaw affects multiple Java versions including 7u261, 8u251, 11.0.7, and 14.0.1, and has a CVSS score (a 0-10 rating of how severe a vulnerability is) of 5.3.
CVE-2018-16848 is a denial of service vulnerability in OpenStack Mistral (a workflow automation tool) affecting versions up to 7.0.3, where attackers can submit specially crafted workflow definition files with nested anchors (repeated references in YAML configuration files) to exhaust system resources and crash the service. The vulnerability exploits uncontrolled resource consumption (CWE-400, where a program doesn't limit how much memory or CPU it uses).
scikit-learn (a Python machine learning library) versions up to 0.23.0 have a vulnerability where the joblib.load() function (which deserializes, or reconstructs objects from saved files) can execute harmful commands if an untrusted file is loaded. However, the vulnerability is disputed because joblib.load() is documented as unsafe and users are responsible for only loading files they trust.
TensorFlow versions before 1.7.0 contain an integer overflow bug in the BMP decoder (DecodeBmp feature) that allows out-of-bounds read (accessing memory beyond intended boundaries), potentially exposing sensitive data from the computer's memory. This vulnerability exists in the file core/kernels/decode_bmp_op.cc and is classified as a CWE-125 weakness.
CVE-2019-20634 is a vulnerability in Proofpoint Email Protection where attackers can collect scoring information from email headers to build a copycat machine learning model. By understanding how this model works, attackers can craft malicious emails designed to receive favorable scores and bypass the email filter.
TensorFlow versions before 1.15.2 and 2.0.1 have a bug where converting a string to a tf.float16 value (a 16-bit floating-point number) causes a segmentation fault (a crash where the program tries to access memory it shouldn't). This vulnerability can be exploited by attackers sending malicious data containing strings instead of the expected number format, leading to denial of service (making the system unavailable) during AI model training or inference (using a trained model to make predictions).
CVE-2019-8760 is a vulnerability in Face ID (Apple's facial recognition system) where a 3D model made to look like an enrolled user could trick the system into unlocking a device. The vulnerability is classified as an improper authentication issue (CWE-287, a weakness in how systems verify identity).
TensorFlow versions before 1.15 had a heap buffer overflow (a type of memory access bug where a program writes beyond the boundaries of allocated memory) in the UnsortedSegmentSum function when using 32-bit integers, causing some large numbers to be incorrectly converted to negative values and leading to out-of-bounds memory access. The vulnerability was considered unlikely to be exploitable and was fixed internally in TensorFlow 1.15 and 2.0.
CVE-2019-17206 is a vulnerability in rediswrapper (a Redis Wrapper library) before version 0.3.0 that allows attackers to execute arbitrary scripts through uncontrolled deserialization of pickled objects (a Python serialization format that can be exploited if data comes from an untrusted source). The vulnerability exists in the models.py file and is caused by unsafe handling of serialized data.
Google TensorFlow version 1.7.x and earlier contains a buffer overflow vulnerability (a bug where a program writes data outside its intended memory boundaries), which can be exploited in ways that depend on the specific context in which TensorFlow is used. The vulnerability is related to integer overflow or wraparound issues (errors in how very large numbers are handled in calculations).
A NULL pointer dereference (a type of bug where software tries to access memory that doesn't exist) in Google TensorFlow versions before 1.12.2 could allow an attacker to cause a denial of service (making the software crash or become unresponsive) by providing an invalid GIF image file. This vulnerability affects TensorFlow's image processing capabilities.
A bug in Google's Snappy library version 1.1.4, used in TensorFlow before version 1.7.1, allows a memcpy operation (a function that copies data in memory) to overlap with itself, potentially causing the program to crash or expose data from other parts of the computer's memory. This vulnerability stems from improper input validation (checking whether user input is safe before processing it).
CVE-2018-10055 is a vulnerability in TensorFlow (a machine learning framework) versions before 1.7.1 where the XLA compiler (a tool that optimizes machine learning code) has a memory access bug that could crash the program or allow reading data from other parts of the computer's memory when processing a specially crafted configuration file.
Google TensorFlow version 1.7 and below contains a buffer overflow (a bug where a program writes data beyond the memory space it's supposed to use), which allows an attacker to execute arbitrary code locally on the affected system. This vulnerability is tracked as CVE-2018-8825 and was identified as a weakness in how the software restricts operations within memory boundaries.
Google TensorFlow version 1.6.x and earlier contains a null pointer dereference vulnerability (a type of bug where software tries to access memory that doesn't exist, causing it to crash or behave unexpectedly). The vulnerability's impact depends on the specific context in which TensorFlow is being used.
CVE-2019-10844 is a vulnerability in Sony Neural Network Libraries (nnabla) through version v1.0.14 where the logger component relies on the HOME environment variable (a system setting that tells programs where a user's personal files are stored), which may be untrusted and could potentially be exploited. The vulnerability affects the libnnabla.a library file used in the software.
Fix: Update TensorFlow to version 2.2.1 or 2.3.1, which include the fix released in commit 22e07fb204386768e5bcbea563641ea11f96ceb8.
NVD/CVE DatabaseFix: Update TensorFlow to version 2.2.1 or 2.3.1, which contain the patch for this issue.
NVD/CVE DatabaseFix: Update to TensorFlow version 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1 or later. The issue is patched in commit da8558533d925694483d2c136a9220d6d49d843c.
NVD/CVE DatabaseFix: Upgrade to TensorFlow 1.7.0 or later. A patch is available at https://github.com/tensorflow/tensorflow/commit/49f73c55d56edffebde4bca4a407ad69c1cae433.
NVD/CVE DatabaseFix: Update to TensorFlow 1.15.1, 2.0.1, or 2.1.0, as the vulnerability is patched in these versions. The source states: 'Users are encouraged to switch to TensorFlow 1.15.1, 2.0.1 or 2.1.0.'
NVD/CVE DatabaseFix: This issue is fixed in iOS 13. The fix was addressed by improving Face ID machine learning models (the AI algorithms that help Face ID recognize faces).
NVD/CVE DatabaseFix: Update to TensorFlow 1.15 or 2.0, as the vulnerability was "detected and fixed internally in TensorFlow 1.15 and 2.0."
NVD/CVE DatabaseFix: Upgrade to rediswrapper version 0.3.0 or later. The fix is available in the release at https://github.com/frostming/rediswrapper/releases/tag/v0.3.0 and was implemented in pull request https://github.com/frostming/rediswrapper/pull/1.
NVD/CVE DatabaseFix: Upgrade to TensorFlow version 1.12.2 or later. According to the source, the vulnerability existed in versions before 1.12.2, indicating this version includes the fix.
NVD/CVE Database