PyPI: 424 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
vulnerable: 2.3.0 ... 2.4.2 (7 versions)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions TFLite's [`expand_dims.cc`](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/expand_d…
vulnerable: 2.3.0 ... 2.4.2 (7 versions)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the strided slice implementation in TFLite has a logic bug which can allow an attacker to trigger an infinite loop. This arises from newly introduc…
vulnerable: 2.3.0 ... 2.4.2 (7 versions)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions TFLite's [`GatherNd` implementation](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels…
vulnerable: 2.3.0 ... 2.4.2 (7 versions)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service. The [imple…
vulnerable: 2.3.0 ... 2.4.2 (7 versions)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service. This is ca…
vulnerable: 2.3.0 ... 2.4.2 (7 versions)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions when running shape functions, some functions (such as `MutableHashTableShape`) produce extra output information in the form of a `ShapeAndType` str…
vulnerable: 2.3.0 ... 2.4.2 (7 versions)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a division by zero error in LSH [implementation](https://github.com/tensorflow/tensorflow/b…
vulnerable: 2.3.0 ... 2.4.2 (7 versions)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, `C.TF_TString_Dealloc` is called during garbag…
vulnerable: 1.15.0 ... 2.6.0 (22 versions)
TensorFlow is an open source platform for machine learning. In affected versions the implementation of `tf.math.segment_*` operations results in a `CHECK`-fail related abort (and denial of service) if a segment id in `segment_ids` is large…
vulnerable: 1.15.0 ... 2.7.0rc1 (24 versions)
TensorFlow is an open source platform for machine learning. In affected versions the Keras pooling layers can trigger a segfault if the size of the pool is 0 or if a dimension is negative. This is due to TensorFlow's implementation of …
vulnerable: 1.15.0 ... 2.7.0rc1 (24 versions)
TensorFlow is an open source platform for machine learning. In affected versions TensorFlow allows a tensor to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor…
vulnerable: 1.15.0 ... 2.7.0rc1 (24 versions)
TensorFlow is an open source platform for machine learning. In affected versions if `tf.tile` is called with a large input argument then the TensorFlow process will crash due to a `CHECK`-failure caused by an overflow. The number of elemen…
vulnerable: 1.15.0 ... 2.7.0rc1 (24 versions)
TensorFlow is an open source platform for machine learning. In affected versions if `tf.image.resize` is called with a large input argument then the TensorFlow process will crash due to a `CHECK`-failure caused by an overflow. The number o…
vulnerable: 1.15.0 ... 2.7.0rc1 (24 versions)
TensorFlow is an open source platform for machine learning. In affected versions if `tf.summary.create_file_writer` is called with non-scalar arguments code crashes due to a `CHECK`-fail. The fix will be included in TensorFlow 2.7.0. We wi…
vulnerable: 1.15.0 ... 2.7.0rc1 (24 versions)
TensorFlow is an open source platform for machine learning. In affected versions during execution, `EinsumHelper::ParseEquation()` is supposed to set the flags in `input_has_ellipsis` vector and `*output_has_ellipsis` boolean to indicate wh…
vulnerable: 1.15.0 ... 2.7.0rc1 (24 versions)
TensorFlow is an open source platform for machine learning. In affected versions while calculating the size of the output within the `tf.range` kernel, there is a conditional statement of type `int64 = condition ? int64 : double`. Due to C…
vulnerable: 1.15.0 ... 2.7.0rc1 (24 versions)
TensorFlow is an open source platform for machine learning. In affected versions an attacker can trigger undefined behavior, integer overflows, segfaults and `CHECK`-fail crashes if they can change saved checkpoints from outside of TensorF…
vulnerable: 1.15.0 ... 2.7.0rc1 (24 versions)
TensorFlow is an open source platform for machine learning. In affected versions during TensorFlow's Grappler optimizer phase, constant folding might attempt to deep copy a resource tensor. This results in a segfault, as these tensors are …
vulnerable: 1.15.0 ... 2.7.0rc1 (24 versions)
TensorFlow is an open source platform for machine learning. In affected versions the shape inference functions for the `QuantizeAndDequantizeV*` operations can trigger a read outside of bounds of heap allocated array. The fix will be inclu…
vulnerable: 1.15.0 ... 2.6.0 (22 versions)
TensorFlow is an open source platform for machine learning. In affected versions several TensorFlow operations are missing validation for the shapes of the tensor arguments involved in the call. Depending on the API, this can result in und…
vulnerable: 1.15.0 ... 2.7.0rc1 (24 versions)
TensorFlow is an open source platform for machine learning. In affected versions the implementation of `ParallelConcat` misses some input validation and can produce a division by 0. The fix will be included in TensorFlow 2.7.0. We will als…
vulnerable: 1.15.0 ... 2.7.0rc1 (24 versions)
TensorFlow is an open source platform for machine learning. In affected versions the code for boosted trees in TensorFlow is still missing validation. As a result, attackers can trigger denial of service (via dereferencing `nullptr`s or vi…
vulnerable: 1.15.0 ... 2.7.0rc1 (24 versions)
TensorFlow is an open source platform for machine learning. In affected versions the implementations for convolution operators trigger a division by 0 if passed empty filter tensor arguments. The fix will be included in TensorFlow 2.7.0. W…
vulnerable: 1.15.0 ... 2.7.0rc1 (24 versions)
TensorFlow is an open source platform for machine learning. In affected versions the shape inference functions for `SparseCountSparseOutput` can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFl…
vulnerable: 2.6.0, 2.7.0rc0, 2.7.0rc1
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `QuantizeV2` can trigger a read outside of bounds of heap allocated array. This occurs whenever `axis` is a negative value less t…
vulnerable: 1.15.0 ... 2.7.0rc1 (24 versions)
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `tf.ragged.cross` can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We …
vulnerable: 1.15.0 ... 2.7.0rc1 (24 versions)
TensorFlow is an open source platform for machine learning. In affected versions the code behind `tf.function` API can be made to deadlock when two `tf.function` decorated Python functions are mutually recursive. This occurs due to using a…
vulnerable: 1.15.0 ... 2.7.0rc1 (24 versions)
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `tf.ragged.cross` has an undefined behavior due to binding a reference to `nullptr`. The fix will be included in TensorFlow 2.7.0…
vulnerable: 1.15.0 ... 2.7.0rc1 (24 versions)
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `DeserializeSparse` can trigger a null pointer dereference. This is because the shape inference function assumes that the `serial…
vulnerable: 1.15.0 ... 2.7.0rc1 (24 versions)
TensorFlow is an open source platform for machine learning. In affected versions the shape inference function for `Transpose` is vulnerable to a heap buffer overflow. This occurs whenever `perm` contains negative elements. The shape infere…
vulnerable: 1.15.0 ... 2.7.0rc1 (24 versions)
TensorFlow is an open source platform for machine learning. In affected versions the process of building the control flow graph for a TensorFlow model is vulnerable to a null pointer exception when nodes that should be paired are not. This…
vulnerable: 1.15.0 ... 2.7.0rc1 (24 versions)
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `AllToAll` can be made to execute a division by 0. This occurs whenever the `split_count` argument is 0. The fix will be included…
vulnerable: 1.15.0 ... 2.7.0rc1 (24 versions)
TensorFlow is an open source platform for machine learning. In affected versions the code for sparse matrix multiplication is vulnerable to undefined behavior via binding a reference to `nullptr`. This occurs whenever the dimensions of `a`…
vulnerable: 2.6.0, 2.7.0rc0, 2.7.0rc1
TensorFlow is an open source platform for machine learning. In affected versions the async implementation of `CollectiveReduceV2` suffers from a memory leak and a use after free. This occurs due to the asynchronous computation and the fact…
vulnerable: 1.15.0 ... 2.7.0rc1 (24 versions)
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for the `Cudnn*` operations in TensorFlow can be tricked into accessing invalid memory, via a heap buffer overflow. This occurs becau…
vulnerable: 1.15.0 ... 2.7.0rc1 (24 versions)
TensorFlow is an open source platform for machine learning. In affected versions the implementation of `SplitV` can trigger a segfault if an attacker supplies negative arguments. This occurs whenever `size_splits` contains more than one va…
vulnerable: 1.15.0 ... 2.7.0rc1 (24 versions)
TensorFlow is an open source platform for machine learning. In affected versions the implementation of `FusedBatchNorm` kernels is vulnerable to a heap OOB access. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this …
vulnerable: 1.15.0 ... 2.7.0rc1 (24 versions)
TensorFlow is an open source platform for machine learning. In affected versions the implementation of `SparseFillEmptyRows` can be made to trigger a heap OOB access. This occurs whenever the size of `indices` does not match the size of `v…
vulnerable: 1.15.0 ... 2.7.0rc1 (24 versions)
TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's Grappler optimizer has a use of uninitialized variable. If the `train_nodes` vector (obtained from the saved model that gets optimized) does not co…
vulnerable: 1.15.0 ... 2.7.0rc1 (24 versions)
TensorFlow is an open source platform for machine learning. In affected versions the implementation of `SparseBinCount` is vulnerable to a heap OOB access. This is because of missing validation between the elements of the `values` argument…
vulnerable: 1.15.0 ... 2.7.0rc1 (24 versions)
TensorFlow is an open source platform for machine learning. In affected versions the `ImmutableConst` operation in TensorFlow can be tricked into reading arbitrary memory contents. This is because the `tstring` TensorFlow string class has …
vulnerable: 1.15.0 ... 2.7.0rc1 (24 versions)
TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's `saved_model_cli` tool is vulnerable to a code injection as it calls `eval` on user supplied strings. This can be used by attackers to run arbitr…
vulnerable: 1.15.0 ... 2.6.2 (26 versions)
Tensorflow is an Open Source Machine Learning Framework. The estimator for the cost of some convolution operations can be made to execute a division by 0. The function fails to check that the stride argument is strictly positive. Hence, th…
vulnerable: 1.15.0 ... 2.6.2 (26 versions)
Tensorflow is an Open Source Machine Learning Framework. The implementation of `Dequantize` does not fully validate the value of `axis` and can result in heap OOB accesses. The `axis` argument can be `-1` (the default value for the optiona…
vulnerable: 1.15.0 ... 2.6.2 (26 versions)
Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulnerable to an integer overflow weakness. The `axis` argument can be `-1` (the default value for the optional argument) or…
vulnerable: 1.15.0 ... 2.6.2 (26 versions)
Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `ReverseSequence` does not fully validate the value of `batch_dim` and can result in a heap OOB read. There is a check to make sure the valu…
vulnerable: 1.15.0 ... 2.6.2 (26 versions)
Tensorflow is an Open Source Machine Learning Framework. The implementation of `UnravelIndex` is vulnerable to a division by zero caused by an integer overflow bug. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this…
vulnerable: 1.15.0 ... 2.6.2 (26 versions)
Tensorflow is an Open Source Machine Learning Framework. The implementation of `FractionalAvgPoolGrad` does not consider cases where the input tensors are invalid allowing an attacker to read from outside of bounds of heap. The fix will be…
vulnerable: 1.15.0 ... 2.6.2 (26 versions)
Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `ConcatV2` can be used to trigger a denial of service attack via a segfault caused by a type confusion. The `axis` argument is translated in…
vulnerable: 1.15.0 ... 2.6.2 (26 versions)
Tensorflow is an Open Source Machine Learning Framework. The implementation of `ThreadPoolHandle` can be used to trigger a denial of service attack by allocating too much memory. This is because the `num_threads` argument is only checked t…
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for tensorflow-cpu CVEs against the assets you own.