tensorflow-cpu@2.11.0rc1 vulnerabilities

tensorflow-cpu is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to a malicious invalid input with zero dimension, which crashes a TensorFlow model (Check Failed).

Note: An attacker must have privilege to provide input to a Convolution3DTranspose call.

Upgrade tensorflow-cpu to version 2.11.1 or higher.

tensorflow-cpu is a machine learning framework.

Affected versions of this package are vulnerable to Heap-based Buffer Overflow. Attackers can access heap memory which is not in the control of user, leading to a crash or remote code execution. The fix will be included in TensorFlow version 2.12.0 and will also cherrypick this commit on TensorFlow version 2.11.1.

Upgrade tensorflow-cpu to version 2.11.1, 2.12.0 or higher.

tensorflow-cpu is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference when SparseSparseMaximum is given invalid sparse tensors as inputs.

Upgrade tensorflow-cpu to version 2.11.1, 2.12.0 or higher.

tensorflow-cpu is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when running with XLA, tf.raw_ops.ParallelConcat segfaults with a nullptr dereference when given a parameter shape with rank that is not greater than zero.

Upgrade tensorflow-cpu to version 2.11.1, 2.12.0 or higher.

tensorflow-cpu is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference due to a null pointer error in RandomShuffle with XLA enabled.

Upgrade tensorflow-cpu to version 2.11.1, 2.12.0 or higher.

tensorflow-cpu is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to a floating point exception in TensorListSplit with XLA.

Upgrade tensorflow-cpu to version 2.11.1, 2.12.0 or higher.

tensorflow-cpu is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference. The function tf.raw_ops.LookupTableImportV2 cannot handle scalars in the values parameter and gives a null pointer exception.

Upgrade tensorflow-cpu to version 2.11.1, 2.12.0 or higher.

tensorflow-cpu is a machine learning framework.

Affected versions of this package are vulnerable to Incorrect Comparison. Constructing a tflite model with a paramater filter_input_channel of less than 1 gives a float pointer exception.

Upgrade tensorflow-cpu to version 2.11.1, 2.12.0 or higher.

tensorflow-cpu is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). When running with XLA, tf.raw_ops.Bincount segfaults when given a parameter weights that is neither the same shape as parameter arr nor a length-0 tensor.

Upgrade tensorflow-cpu to version 2.11.1, 2.12.0 or higher.

tensorflow-cpu is a machine learning framework.

Affected versions of this package are vulnerable to Buffer Overflow in TAvgPoolGrad.

Upgrade tensorflow-cpu to version 2.11.1, 2.12.0 or higher.

tensorflow-cpu is a machine learning framework.

Affected versions of this package are vulnerable to Integer Overflow to Buffer Overflow when 2^31 <= num_frames * height * width * channels < 2^32, for example Full HD screencast of at least 346 frames.

Upgrade tensorflow-cpu to version 2.11.1, 2.12.0 or higher.

tensorflow-cpu is a machine learning framework.

Affected versions of this package are vulnerable to Integer Overflow or Wraparound in EditDistance. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.

Upgrade tensorflow-cpu to version 2.11.1, 2.12.0 or higher.

tensorflow-cpu is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-Bounds due to mismatched integer type sizes in ValueMap::Manager::GetValueOrCreatePlaceholder, because there is a bug with the tfg-translate call to InitMlir.

Upgrade tensorflow-cpu to version 2.11.1, 2.12.0 or higher.

tensorflow-cpu is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to a floating point exception if the stride and window size are not positive for tf.raw_ops.AvgPoolGrad.

Upgrade tensorflow-cpu to version 2.11.1, 2.12.0 or higher.

tensorflow-cpu is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference. When ctx->step_containter() is a null ptr, the Lookup function will be executed with a null pointer.

Upgrade tensorflow-cpu to version 2.11.1, 2.12.0 or higher.

tensorflow-cpu is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). When the parameter summarize of tf.raw_ops.Print is zero, the new method SummarizeArray<bool> will reference to a nullptr, leading to a seg fault.

Upgrade tensorflow-cpu to version 2.11.1, 2.12.0 or higher.

tensorflow-cpu is a machine learning framework.

Affected versions of this package are vulnerable to Double Free. The nn_ops.fractional_avg_pool_v2 and nn_ops.fractional_max_pool_v2 functions require the first and fourth elements of their parameter pooling_ratio to be equal to 1.0, as pooling on batch and channel dimensions is not supported.

Upgrade tensorflow-cpu to version 2.11.1, 2.12.0 or higher.

tensorflow-cpu is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference in QuantizedMatMulWithBiasAndDequantize with MKL enabled.

Upgrade tensorflow-cpu to version 2.11.1, 2.12.0 or higher.

tensorflow-cpu is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to a floating point exception in AudioSpectrogram.

Upgrade tensorflow-cpu to version 2.11.1, 2.12.0 or higher.

tensorflow-cpu is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-bounds Read if the parameter indices for DynamicStitch does not match the shape of the parameter data.

Upgrade tensorflow-cpu to version 2.11.1, 2.12.0 or higher.

tensorflow-cpu is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-bounds Read in GRUBlockCellGrad.

Upgrade tensorflow-cpu to version 2.11.1, 2.12.0 or higher.

tensorflow-cpu is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-Bounds in DynamicStitch due to missing validation when it receives a differing number of inputs, such as when it is called with an indices size 1 and a data size 2.

Upgrade tensorflow-cpu to version 2.10.1, 2.11.0 or higher.

tensorflow-cpu is a machine learning framework.

Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation when a numpy array is created with a shape such that one element is zero and the sum of others is a large number.

Upgrade tensorflow-cpu to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.

tensorflow-cpu is a machine learning framework.

Affected versions of this package are vulnerable to Buffer Overflow via tf.raw_ops.ImageProjectiveTransformV2 when a large output shape is given.

Upgrade tensorflow-cpu to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.

tensorflow-cpu is a machine learning framework.

Affected versions of this package are vulnerable to Incorrect Calculation of Buffer Size via tf.keras.losses.poisson which receives a y_pred and y_true that are passed through functor::mul in BinaryOp. If the resulting dimensions overflow an int32, TensorFlow will crash due to a size mismatch during broadcast assignment.

Upgrade tensorflow-cpu to version 2.9.3, 2.10.1, 2.11.0 or higher.

tensorflow-cpu is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-bounds Read when the BaseCandidateSamplerOp function receives a value in true_classes larger than range_max.

Upgrade tensorflow-cpu to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.

tensorflow-cpu is a machine learning framework.

Affected versions of this package are vulnerable to Buffer Overflow via tf.raw_ops.FusedResizeAndPadConv2D when a large tensor shape is given.

Upgrade tensorflow-cpu to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.

tensorflow-cpu is a machine learning framework.

Affected versions of this package are vulnerable to Incorrect Calculation of Buffer Size when tf.raw_ops.ResizeNearestNeighborGrad is given a large size input.

Upgrade tensorflow-cpu to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.

tensorflow-cpu is a machine learning framework.

Affected versions of this package are vulnerable to Improper Input Validation due to a missing check of tf.image.generate_bounding_box_proposals that receives a scores input that must be of rank 4 when running on GPU.

Upgrade tensorflow-cpu to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.

tensorflow-cpu is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) because the conversions from char to bool are undefined if the char is not 0 or 1. This can happen when printing a tensor: the data is got as a const char* array and then it is typecasted to the element type.

Upgrade tensorflow-cpu to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.

tensorflow-cpu is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when ThreadUnsafeUnigramCandidateSampler is given input filterbank_channel_count greater than the allowed max size.

Upgrade tensorflow-cpu to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.

tensorflow-cpu is a machine learning framework.

Affected versions of this package are vulnerable to Reachable Assertion when tf.raw_ops.TensorListResize is given a nonscalar value for input size. It will results in a CHECK fail which can be used to trigger a denial of service attack.

Upgrade tensorflow-cpu to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.

tensorflow-cpu is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-bounds Read. This is If MirrorPadGrad is given outsize input paddings.

Upgrade tensorflow-cpu to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.

tensorflow-cpu is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when FractionMaxPoolGrad is given outsize inputs row_pooling_sequence and col_pooling_sequence.

Upgrade tensorflow-cpu to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.

tensorflow-cpu is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when tf.raw_ops.TensorListConcat is given element_shape=[].

Upgrade tensorflow-cpu to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.

tensorflow-cpu is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when BCast::ToShape is given input larger than an int32, even if it is being supposed to handle up to an int64.

Upgrade tensorflow-cpu to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.

tensorflow-cpu is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference because the pywrap code fails to parse the tensor and returns a nullptr if a list of quantized tensors is assigned to an attribute.

Upgrade tensorflow-cpu to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.

tensorflow-cpu is a machine learning framework.

Affected versions of this package are vulnerable to Buffer Overflow. The reference kernel of the CONV_3D_TRANSPOSE TensorFlow Lite operator wrongly increments the data_ptr when adding the bias to the result. Instead of data_ptr += num_channels; it should be data_ptr += output_num_channels; as if the number of input channels is different than the number of output channels, the wrong result will be returned and a buffer overflow will occur if num_channels > output_num_channels. An attacker can craft a model with a specific number of input channels. It is then possible to write specific values through the bias of the layer outside the bounds of the buffer.

Note: This attack only works if the reference kernel resolver is used in the interpreter.

Upgrade tensorflow-cpu to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.

tensorflow-cpu is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when an input encoded is not a valid CompositeTensorVariant tensor. This will trigger a segfault in tf.raw_ops.CompositeTensorVariantToComponents.

Upgrade tensorflow-cpu to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.

tensorflow-cpu is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). This is vulnerable when an input token that is not a UTF-8 bytestring will trigger a CHECK fail in tf.raw_ops.PyFunc.

Upgrade tensorflow-cpu to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.

tensorflow-cpu is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-bounds Write in FractionalMax(AVG)Pool with illegal pooling_ratio. Attackers can access heap memory that is not in the user's control, leading to a crash or remote code execution.

Upgrade tensorflow-cpu to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.

tensorflow-cpu is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when SparseFillEmptyRowsGrad is given empty inputs.

Upgrade tensorflow-cpu to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.

tensorflow-cpu is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when the input sparse_matrix is not a matrix with a shape with rank 0. As a result, a CHECK fail will be triggered in tf.raw_ops.SparseMatrixNNZ.

Upgrade tensorflow-cpu to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.