tensorflow
PyPI | 427 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting tensorflow (page 3 of 9)
- CVE-2021-29570 | LOW | CVSS 2.5 | EG 2.5 | ✓ Fixed in 2.4.2 | 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.raw_ops.MaxPoolGradWithArgmax` can cause reads outside of bounds of heap allocated data if attacker supplies specially crafted inputs. The imp…
- CVE-2021-29571 | MEDIUM | CVSS 4.5 | EG 4.5 | ✓ Fixed in 2.4.3 | 2021-05-14
vulnerable: 0.12.0 ... 2.4.2 (102 versions)
TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.raw_ops.MaxPoolGradWithArgmax` can cause reads outside of bounds of heap allocated data if attacker supplies specially crafted inputs. The imp…
- CVE-2021-29572 | LOW | CVSS 2.5 | EG 2.5 | ✓ Fixed in 2.4.2 | 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.raw_ops.SdcaOptimizer` triggers undefined behavior due to dereferencing a null pointer. The implementation(https://github.com/tensorflow/tenso…
- CVE-2021-29573 | LOW | CVSS 2.5 | EG 2.5 | ✓ Fixed in 2.4.2 | 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.raw_ops.MaxPoolGradWithArgmax` is vulnerable to a division by 0. The implementation(https://github.com/tensorflow/tensorflow/blob/279bab6efa22…
- CVE-2021-29574 | LOW | CVSS 2.5 | EG 2.5 | ✓ Fixed in 2.4.2 | 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.raw_ops.MaxPool3DGradGrad` exhibits undefined behavior by dereferencing null pointers backing attacker-supplied empty tensors. The implementat…
- CVE-2021-29575 | LOW | CVSS 2.5 | EG 2.5 | ✓ Fixed in 2.4.2 | 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (99 versions)
TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.raw_ops.ReverseSequence` allows for stack overflow and/or `CHECK`-fail based denial of service. The implementation(https://github.com/tensorfl…
- CVE-2021-29576 | LOW | CVSS 2.5 | EG 2.5 | ✓ Fixed in 2.4.2 | 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.raw_ops.MaxPool3DGradGrad` is vulnerable to a heap buffer overflow. The implementation(https://github.com/tensorflow/tensorflow/blob/596c05a15…
- CVE-2021-29577 | LOW | CVSS 2.5 | EG 2.5 | ✓ Fixed in 2.4.2 | 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.raw_ops.AvgPool3DGrad` is vulnerable to a heap buffer overflow. The implementation(https://github.com/tensorflow/tensorflow/blob/d80ffba9702dc…
- CVE-2021-29578 | LOW | CVSS 2.5 | EG 2.5 | ✓ Fixed in 2.4.2 | 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.raw_ops.FractionalAvgPoolGrad` is vulnerable to a heap buffer overflow. The implementation(https://github.com/tensorflow/tensorflow/blob/dcba7…
- CVE-2021-29579 | LOW | CVSS 2.5 | EG 2.5 | ✓ Fixed in 2.4.2 | 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.raw_ops.MaxPoolGrad` is vulnerable to a heap buffer overflow. The implementation(https://github.com/tensorflow/tensorflow/blob/ab1e644b48c82cb…
- CVE-2021-29580 | LOW | CVSS 2.5 | EG 2.5 | ✓ Fixed in 2.4.2 | 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.raw_ops.FractionalMaxPoolGrad` triggers an undefined behavior if one of the input tensors is empty. The code is also vulnerable to a denial of…
- CVE-2021-29581 | LOW | CVSS 2.5 | EG 2.5 | ✓ Fixed in 2.4.2 | 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in `tf.raw_ops.CTCBeamSearchDecoder`, an attacker can trigger denial of service via segmentation faults. The implementation(https://github.com…
- CVE-2021-29582 | LOW | CVSS 2.5 | EG 2.5 | ✓ Fixed in 2.4.2 | 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in `tf.raw_ops.Dequantize`, an attacker can trigger a read from outside of bounds of heap allocated data. The implementation(https://github.co…
- CVE-2021-29583 | LOW | CVSS 2.5 | EG 2.5 | ✓ Fixed in 2.4.3 | 2021-05-14
vulnerable: 0.12.0 ... 2.4.2 (102 versions)
TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.raw_ops.FusedBatchNorm` is vulnerable to a heap buffer overflow. If the tensors are empty, the same implementation can trigger undefined behav…
- CVE-2021-29584 | LOW | CVSS 2.5 | EG 2.5 | ✓ Fixed in 2.4.2 | 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a `CHECK`-fail caused by an integer overflow in constructing a new tensor shape. This is because the implementation(h…
- CVE-2021-29585 | LOW | CVSS 2.5 | EG 2.5 | ✓ Fixed in 2.4.3 | 2021-05-14
vulnerable: 0.12.0 ... 2.4.2 (102 versions)
TensorFlow is an end-to-end open source platform for machine learning. The TFLite computation for size of output after padding, `ComputeOutSize`(https://github.com/tensorflow/tensorflow/blob/0c9692ae7b1671c983569e5d3de5565843d500cf/tensorf…
- CVE-2021-29586 | LOW | CVSS 2.5 | EG 2.5 | ✓ Fixed in 2.4.2 | 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. Optimized pooling implementations in TFLite fail to check that the stride arguments are not 0 before calling `ComputePaddingHeightWidth`(https://github.com/tensorflow/t…
- CVE-2021-29587 | LOW | CVSS 2.5 | EG 2.5 | ✓ Fixed in 2.4.3 | 2021-05-14
vulnerable: 0.12.0 ... 2.4.2 (102 versions)
TensorFlow is an end-to-end open source platform for machine learning. The `Prepare` step of the `SpaceToDepth` TFLite operator does not check for 0 before division(https://github.com/tensorflow/tensorflow/blob/5f7975d09eac0f10ed8a17dbb6f5…
- CVE-2021-29588 | LOW | CVSS 2.5 | EG 2.5 | ✓ Fixed in 2.4.2 | 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. The optimized implementation of the `TransposeConv` TFLite operator is [vulnerable to a division by zero error](https://github.com/tensorflow/tensorflow/blob/0d45ea1ca6…
- CVE-2021-29589 | LOW | CVSS 2.5 | EG 2.5 | ✓ Fixed in 2.4.3 | 2021-05-14
vulnerable: 0.12.0 ... 2.4.2 (102 versions)
TensorFlow is an end-to-end open source platform for machine learning. The reference implementation of the `GatherNd` TFLite operator is vulnerable to a division by zero error(https://github.com/tensorflow/tensorflow/blob/0d45ea1ca641b21b7…
- CVE-2021-29590 | LOW | CVSS 2.5 | EG 2.5 | ✓ Fixed in 2.4.2 | 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. The implementations of the `Minimum` and `Maximum` TFLite operators can be used to read data outside of bounds of heap allocated objects, if any of the two input tensor…
- CVE-2021-29591 | HIGH | CVSS 7.3 | EG 7.3 | ✓ Fixed in 2.4.2 | 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. TFLite graphs must not have loops between nodes. However, this condition was not checked and an attacker could craft models that would result in an infinite loop during ev…
- CVE-2021-29592 | MEDIUM | CVSS 4.4 | EG 4.4 | ✓ Fixed in 2.4.2 | 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. The fix for CVE-2020-15209(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15209) missed the case when the target shape of `Reshape` operator is given by the el…
- CVE-2021-29593 | LOW | CVSS 2.5 | EG 2.5 | ✓ Fixed in 2.4.2 | 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the `BatchToSpaceNd` TFLite operator is vulnerable to a division by zero error(https://github.com/tensorflow/tensorflow/blob/b5ed552fe55895aee8bd8…
- CVE-2021-29594 | LOW | CVSS 2.5 | EG 2.5 | ✓ Fixed in 2.4.2 | 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. TFLite's convolution code(https://github.com/tensorflow/tensorflow/blob/09c73bca7d648e961dd05898292d91a8322a9d45/tensorflow/lite/kernels/conv.cc) has multiple division …
- CVE-2021-29595 | LOW | CVSS 2.5 | EG 2.5 | ✓ Fixed in 2.4.3 | 2021-05-14
vulnerable: 0.12.0 ... 2.4.2 (100 versions)
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the `DepthToSpace` TFLite operator is vulnerable to a division by zero error(https://github.com/tensorflow/tensorflow/blob/0d45ea1ca641b21b73bcf9c…
- CVE-2021-29596 | LOW | CVSS 2.5 | EG 2.5 | ✓ Fixed in 2.4.2 | 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the `EmbeddingLookup` TFLite operator is vulnerable to a division by zero error(https://github.com/tensorflow/tensorflow/blob/e4b29809543b250bc9b1…
- CVE-2021-29597 | LOW | CVSS 2.5 | EG 2.5 | ✓ Fixed in 2.4.2 | 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the `SpaceToBatchNd` TFLite operator is [vulnerable to a division by zero error](https://github.com/tensorflow/tensorflow/blob/412c7d9bb8f8a762c5b…
- CVE-2021-29598 | LOW | CVSS 2.5 | EG 2.5 | ✓ Fixed in 2.4.2 | 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the `SVDF` TFLite operator is vulnerable to a division by zero error(https://github.com/tensorflow/tensorflow/blob/7f283ff806b2031f407db64c4d3edcd…
- CVE-2021-29599 | LOW | CVSS 2.5 | EG 2.5 | ✓ Fixed in 2.4.2 | 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the `Split` TFLite operator is vulnerable to a division by zero error(https://github.com/tensorflow/tensorflow/blob/e2752089ef7ce9bcf3db0ec618ebd2…
- CVE-2021-29600 | LOW | CVSS 2.5 | EG 2.5 | ✓ Fixed in 2.4.2 | 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the `OneHot` TFLite operator is vulnerable to a division by zero error(https://github.com/tensorflow/tensorflow/blob/f61c57bd425878be108ec787f4d96…
- CVE-2021-29601 | MEDIUM | CVSS 6.3 | EG 6.3 | ✓ Fixed in 2.4.2 | 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. The TFLite implementation of concatenation is vulnerable to an integer overflow issue(https://github.com/tensorflow/tensorflow/blob/7b7352a724b690b11bfaae2cd54bc3907daf…
- CVE-2021-29602 | LOW | CVSS 2.5 | EG 2.5 | ✓ Fixed in 2.4.2 | 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the `DepthwiseConv` TFLite operator is vulnerable to a division by zero error(https://github.com/tensorflow/tensorflow/blob/1a8e885b864c818198a5b2…
- CVE-2021-29603 | LOW | CVSS 2.5 | EG 2.5 | ✓ Fixed in 2.4.2 | 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. A specially crafted TFLite model could trigger an OOB write on heap in the TFLite implementation of `ArgMin`/`ArgMax`(https://github.com/tensorflow/tensorflow/blob/102b…
- CVE-2021-29604 | LOW | CVSS 2.5 | EG 2.5 | ✓ Fixed in 2.4.2 | 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. The TFLite implementation of hashtable lookup is vulnerable to a division by zero error(https://github.com/tensorflow/tensorflow/blob/1a8e885b864c818198a5b2c0cbbeca5a1e…
- CVE-2021-29605 | HIGH | CVSS 7.1 | EG 7.1 | ✓ Fixed in 2.4.2 | 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. The TFLite code for allocating `TFLiteIntArray`s is vulnerable to an integer overflow issue(https://github.com/tensorflow/tensorflow/blob/4ceffae632721e52bf3501b736e4fe…
- CVE-2021-29606 | HIGH | CVSS 7.1 | EG 7.1 | ✓ Fixed in 2.4.2 | 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. A specially crafted TFLite model could trigger an OOB read on heap in the TFLite implementation of `Split_V`(https://github.com/tensorflow/tensorflow/blob/c59c37e7b2d56…
- CVE-2021-29607 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 2.4.2 | 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in `SparseAdd` results in allowing attackers to exploit undefined behavior (dereferencing null pointers) as well as write outside of bounds of hea…
- CVE-2021-29608 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 2.4.3 | 2021-05-14
vulnerable: 0.12.0 ... 2.4.2 (102 versions)
TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in `tf.raw_ops.RaggedTensorToTensor`, an attacker can exploit an undefined behavior if input arguments are empty. The implementation(https://g…
- CVE-2021-29609 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 2.4.2 | 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in `SparseAdd` results in allowing attackers to exploit undefined behavior (dereferencing null pointers) as well as write outside of bounds of hea…
- CVE-2021-29610 | LOW | CVSS 3.6 | EG 3.6 | ✓ Fixed in 2.4.3 | 2021-05-14
vulnerable: 0.12.0 ... 2.4.2 (102 versions)
TensorFlow is an end-to-end open source platform for machine learning. The validation in `tf.raw_ops.QuantizeAndDequantizeV2` allows invalid values for the `axis` argument. The validation(https://github.com/tensorflow/tensorflow/blob/eccb7ec4…
- CVE-2021-29611 | LOW | CVSS 3.6 | EG 3.6 | ✓ Fixed in 2.4.2 | 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in `SparseReshape` results in a denial of service based on a `CHECK`-failure. The implementation(https://github.com/tensorflow/tensorflow/blob/e87…
- CVE-2021-29612 | LOW | CVSS 3.6 | EG 3.6 | ✓ Fixed in 2.4.2 | 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a heap buffer overflow in Eigen implementation of `tf.raw_ops.BandedTriangularSolve`. The implementation(https://github.com/tensorflow/tensorflo…
- CVE-2021-29613 | MEDIUM | CVSS 6.3 | EG 6.3 | ✓ Fixed in 2.4.2 | 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in `tf.raw_ops.CTCLoss` allows an attacker to trigger an OOB read from heap. The fix will be included in TensorFlow 2.5.0. We will also cherrypick…
- CVE-2021-29614 | HIGH | CVSS 7.1 | EG 7.1 | ✓ Fixed in 2.4.2 | 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.io.decode_raw` produces incorrect results and crashes the Python interpreter when combining `fixed_length` and wider datatypes. The implementa…
- CVE-2021-29615 | LOW | CVSS 2.5 | EG 2.5 | ✓ Fixed in 2.4.2 | 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. The implementation of `ParseAttrValue`(https://github.com/tensorflow/tensorflow/blob/c22d88d6ff33031aa113e48aa3fc9aa74ed79595/tensorflow/core/framework/attr_value_util.…
- CVE-2021-29616 | LOW | CVSS 2.5 | EG 2.5 | ✓ Fixed in 2.4.3 | 2021-05-14
vulnerable: 0.12.0 ... 2.4.2 (102 versions)
TensorFlow is an end-to-end open source platform for machine learning. The implementation of TrySimplify(https://github.com/tensorflow/tensorflow/blob/c22d88d6ff33031aa113e48aa3fc9aa74ed79595/tensorflow/core/grappler/optimizers/arithmetic_…
- CVE-2021-29617 | LOW | CVSS 2.5 | EG 2.5 | ✓ Fixed in 2.4.3 | 2021-05-14
vulnerable: 0.12.0 ... 2.4.2 (102 versions)
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via `CHECK`-fail in `tf.strings.substr` with invalid arguments. The fix will be included in TensorFlow 2.5.0. We will also che…
- CVE-2021-29618 | LOW | CVSS 2.5 | EG 2.5 | ✓ Fixed in 2.4.3 | 2021-05-14
vulnerable: 0.12.0 ... 2.4.2 (102 versions)
TensorFlow is an end-to-end open source platform for machine learning. Passing a complex argument to `tf.transpose` at the same time as passing `conjugate=True` argument results in a crash. The fix will be included in TensorFlow 2.5.0. We …
- CVE-2021-29619 | LOW | CVSS 2.5 | EG 2.5 | ✓ Fixed in 2.4.2 | 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. Passing invalid arguments (e.g., discovered via fuzzing) to `tf.raw_ops.SparseCountSparseOutput` results in segfault. The fix will be included in TensorFlow 2.5.0. We w…