Google Tensorflow vulnerabilities

432 known vulnerabilities affecting google/tensorflow.

Total CVEs
432
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL 18 | HIGH 234 | MEDIUM 178 | LOW 2

Vulnerabilities

Page 15 of 22
CVE-2021-37688 | MEDIUM | CVSS 5.5 | affected: ≥ 2.3.0, < 2.3.4; ≥ 2.4.0, < 2.4.3; +2 more | published 2021-08-12
CWE-476 (NULL pointer dereference). TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service. The implementation (https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lit
Source: nvd
CVE-2021-35958 | CRITICAL | CVSS 9.1 | affected: ≤ 2.5.0 | published 2021-06-30
CWE-22 (path traversal). TensorFlow through 2.5.0 allows attackers to overwrite arbitrary files via a crafted archive when tf.keras.utils.get_file is used with extract=True. NOTE: the vendor's position is that tf.keras.utils.get_file is not intended for untrusted archives
Source: nvd
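Because the vendor's position leaves the traversal check to the caller, the practical mitigation for CVE-2021-35958 is to never hand an untrusted archive to get_file's extractor and to extract it yourself only after validating every member. The following is an added example written for this page, not TensorFlow's code: it extracts a tar archive only after each member has been resolved and shown to land inside the destination directory, and it builds both the benign and the hostile archive in memory as constructed sample data. The helper names (target_inside, safe_extract_tar, build_tar) are this example's own.

```python
"""Checked extraction of a downloaded model archive.

Added example, not TensorFlow code. CVE-2021-35958 concerns
tf.keras.utils.get_file(..., extract=True) writing outside the
destination when an archive carries traversal paths; the vendor
treats get_file as unsuitable for untrusted archives, so the caller
must do the check. Every member is validated before anything is
written. The archives below are constructed in memory for the demo.
"""
import io
import tarfile
import tempfile
from pathlib import Path


class UnsafeArchiveMember(ValueError):
    """A member that would be written outside the extraction directory."""


def target_inside(dest, member_name):
    """Absolute path the member would be written to, or raise if it escapes
    dest. Leading separators are stripped so an absolute member name is
    treated as relative; '..' segments are resolved before the check."""
    dest = Path(dest).resolve()
    target = (dest / member_name.lstrip("/\\")).resolve()
    if target != dest and dest not in target.parents:
        raise UnsafeArchiveMember(f"member {member_name!r} escapes {dest}")
    return target


def safe_extract_tar(data, dest):
    """Extract an in-memory tar into dest. All members are checked before any
    write, so a hostile member late in the archive cannot leave earlier
    members on disk. Links and devices are refused because they can redirect
    a later write. Returns the names of the files written."""
    written = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as archive:
        members = archive.getmembers()
        for m in members:
            if not (m.isfile() or m.isdir()):
                raise UnsafeArchiveMember(f"member {m.name!r} is not a plain file or directory")
            target_inside(dest, m.name)
        for m in members:
            target = target_inside(dest, m.name)
            if m.isdir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            with archive.extractfile(m) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(m.name)
    return written


def build_tar(members):
    """Constructed sample: pack (name, payload) pairs into a tar in memory."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as archive:
        for name, payload in members:
            info = tarfile.TarInfo(name)
            info.size = len(payload)
            archive.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


BENIGN = [("model/weights.bin", b"\x00" * 16)]
HOSTILE = BENIGN + [("../../.bashrc", b"echo pwned\n")]  # traversal member


def demo():
    """Run both archives through the checked extractor in a scratch directory."""
    out = {}
    with tempfile.TemporaryDirectory() as tmp:
        dest = Path(tmp) / "extract"
        dest.mkdir()
        out["benign"] = safe_extract_tar(build_tar(BENIGN), dest)
        try:
            safe_extract_tar(build_tar(HOSTILE), dest)
            out["hostile_rejected"] = False
        except UnsafeArchiveMember as exc:
            out["hostile_rejected"] = True
            out["reason"] = str(exc)
        out["files_on_disk"] = sorted(p.relative_to(dest).as_posix()
                                      for p in dest.rglob("*") if p.is_file())
    return out


if __name__ == "__main__":
    print(demo())
```

The two-pass design matters: validating and writing in a single loop would already have placed model/weights.bin on disk by the time the traversal member is seen, leaving a half-extracted tree that a later step might trust. Pair this with the file_hash argument of get_file (or a separate digest check) so the archive's integrity is established before it is opened at all.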
CVE-2021-29609 | HIGH | CVSS 7.8 | affected: < 2.1.4 (fixed in 2.1.4); ≥ 2.2.0, < 2.2.3; +2 more | published 2021-05-14
CWE-665 (improper initialization). TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in `SparseAdd` results in allowing attackers to exploit undefined behavior (dereferencing null pointers) as well as write outside of bounds of heap allocated data. The implementation (https://github.com/tensorflow/tensorflow/blob/656e7673b14acd7835dc778867f8491
Source: nvd
CVE-2021-29612 | HIGH | CVSS 7.8 | affected: < 2.1.4 (fixed in 2.1.4); ≥ 2.2.0, < 2.2.3; +2 more | published 2021-05-14
CWE-120 (classic buffer overflow). TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a heap buffer overflow in the Eigen implementation of `tf.raw_ops.BandedTriangularSolve`. The implementation (https://github.com/tensorflow/tensorflow/blob/eccb7ec454e6617738554a255d77f08e60ee0808/tensorflow/core/kernels/linalg/banded_triangular_solve_op.cc#L269-
Source: nvd
CVE-2021-29607 | HIGH | CVSS 7.8 | affected: < 2.1.4 (fixed in 2.1.4); ≥ 2.2.0, < 2.2.3; +2 more | published 2021-05-14
CWE-754 (improper check for unusual or exceptional conditions). TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in `SparseAdd` results in allowing attackers to exploit undefined behavior (dereferencing null pointers) as well as write outside of bounds of heap allocated data. The implementation (https://github.com/tensorflow/tensorflow/blob/656e7673b14acd7835dc778867f8491
Source: nvd
CVE-2021-29603 | HIGH | CVSS 7.8 | affected: < 2.1.4 (fixed in 2.1.4); ≥ 2.2.0, < 2.2.3; +2 more | published 2021-05-14
CWE-787 (out-of-bounds write). TensorFlow is an end-to-end open source platform for machine learning. A specially crafted TFLite model could trigger an OOB write on the heap in the TFLite implementation of `ArgMin`/`ArgMax` (https://github.com/tensorflow/tensorflow/blob/102b211d892f3abc14f845a72047809b39cc65ab/tensorflow/lite/kernels/arg_min_max.cc#L52-L59). If `axis_value` is not a val
Source: nvd
CVE-2021-29571 | HIGH | CVSS 7.8 | affected: < 2.1.4 (fixed in 2.1.4); ≥ 2.2.0, < 2.2.3; +2 more | published 2021-05-14
CWE-787 (out-of-bounds write). TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.raw_ops.MaxPoolGradWithArgmax` can cause reads outside of bounds of heap allocated data if an attacker supplies specially crafted inputs. The implementation (https://github.com/tensorflow/tensorflow/blob/31bd5026304677faa8a0b77602c6154171b9aec1/tensorflow/core
Source: nvd
CVE-2021-29585 | HIGH | CVSS 7.8 | affected: < 2.1.4 (fixed in 2.1.4); ≥ 2.2.0, < 2.2.3; +2 more | published 2021-05-14
CWE-369 (divide by zero). TensorFlow is an end-to-end open source platform for machine learning. The TFLite computation for the size of output after padding, `ComputeOutSize` (https://github.com/tensorflow/tensorflow/blob/0c9692ae7b1671c983569e5d3de5565843d500cf/tensorflow/lite/kernels/padding.h#L43-L55), does not check that the `stride` argument is not 0 before doing the division.
Source: nvd
CVE-2021-29582 | HIGH | CVSS 7.1 | affected: < 2.1.4 (fixed in 2.1.4); ≥ 2.2.0, < 2.2.3; +2 more | published 2021-05-14
CWE-125 (out-of-bounds read). TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in `tf.raw_ops.Dequantize`, an attacker can trigger a read from outside of bounds of heap allocated data. The implementation (https://github.com/tensorflow/tensorflow/blob/26003593aa94b1742f34dc22ce88a1e17776a67d/tensorflow/core/kernels/dequantize_op.cc#L106
Source: nvd
CVE-2021-29525 | HIGH | CVSS 7.8 | affected: < 2.1.4 (fixed in 2.1.4); ≥ 2.2.0, < 2.2.3; +2 more | published 2021-05-14
CWE-369 (divide by zero). TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in `tf.raw_ops.Conv2DBackpropInput`. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/b40060c9f697b044e3107917c797ba052f4506ab/tensorflow/core/kernels/conv_grad_input_ops.h#L625-L655) does a division by a quant
Source: nvd
CVE-2021-29537 | HIGH | CVSS 7.8 | affected: < 2.1.4 (fixed in 2.1.4); ≥ 2.2.0, < 2.2.3; +2 more | published 2021-05-14
CWE-131 (incorrect calculation of buffer size). TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in `QuantizedResizeBilinear` by passing in invalid thresholds for the quantization. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/50711818d2e61ccce012591eeb4fdf93a8496726/tensorflow/core/kernels/quantize
Source: nvd
CVE-2021-29518 | HIGH | CVSS 7.8 | affected: < 2.1.4 (fixed in 2.1.4); ≥ 2.2.0, < 2.2.3; +2 more | published 2021-05-14
CWE-476 (NULL pointer dereference). TensorFlow is an end-to-end open source platform for machine learning. In eager mode (the default in TF 2.0 and later), session operations are invalid. However, users could still call the raw ops associated with them and trigger a null pointer dereference. The implementation (https://github.com/tensorflow/tensorflow/blob/eebb96c2830d48597d055d247c0e9aebaea9
Source: nvd
CVE-2021-29592 | HIGH | CVSS 7.8 | affected: < 2.1.4 (fixed in 2.1.4); ≥ 2.2.0, < 2.2.3; +2 more | published 2021-05-14
No CWE assigned. TensorFlow is an end-to-end open source platform for machine learning. The fix for CVE-2020-15209 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15209) missed the case when the target shape of the `Reshape` operator is given by the elements of a 1-D tensor. As such, the fix for the vulnerability (https://github.com/tensorflow/tensorflow/blob/9c1dc920d8ffb
Source: nvd
CVE-2021-29586 | HIGH | CVSS 7.8 | affected: < 2.1.4 (fixed in 2.1.4); ≥ 2.2.0, < 2.2.3; +2 more | published 2021-05-14
CWE-369 (divide by zero). TensorFlow is an end-to-end open source platform for machine learning. Optimized pooling implementations in TFLite fail to check that the stride arguments are not 0 before calling `ComputePaddingHeightWidth` (https://github.com/tensorflow/tensorflow/blob/3f24ccd932546416ec906a02ddd183b48a1d2c83/tensorflow/lite/kernels/pooling.cc#L90). Since users can c
Source: nvd
CVE-2021-29520 | HIGH | CVSS 7.8 | affected: < 2.1.4 (fixed in 2.1.4); ≥ 2.2.0, < 2.2.3; +2 more | published 2021-05-14
CWE-120 (classic buffer overflow). TensorFlow is an end-to-end open source platform for machine learning. Missing validation between arguments to `tf.raw_ops.Conv3DBackprop*` operations can result in heap buffer overflows. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/4814fafb0ca6b5ab58a09411523b2193fed23fed/tensorflow/core/kernels/conv_grad_shape_uti
Source: nvd
CVE-2021-29600 | HIGH | CVSS 7.8 | affected: < 2.1.4 (fixed in 2.1.4); ≥ 2.2.0, < 2.2.3; +2 more | published 2021-05-14
CWE-369 (divide by zero). TensorFlow is an end-to-end open source platform for machine learning. The implementation of the `OneHot` TFLite operator is vulnerable to a division by zero error (https://github.com/tensorflow/tensorflow/blob/f61c57bd425878be108ec787f4d96390579fb83e/tensorflow/lite/kernels/one_hot.cc#L68-L72). An attacker can craft a model such that at least one of t
Source: nvd
CVE-2021-29587 | HIGH | CVSS 7.8 | affected: < 2.1.4 (fixed in 2.1.4); ≥ 2.2.0, < 2.2.3; +2 more | published 2021-05-14
CWE-369 (divide by zero). TensorFlow is an end-to-end open source platform for machine learning. The `Prepare` step of the `SpaceToDepth` TFLite operator does not check for 0 before division (https://github.com/tensorflow/tensorflow/blob/5f7975d09eac0f10ed8a17dbb6f5964977725adc/tensorflow/lite/kernels/space_to_depth.cc#L63-L67). An attacker can craft a model such that `params->
Source: nvd
CVE-2021-29596 | HIGH | CVSS 7.8 | affected: < 2.1.4 (fixed in 2.1.4); ≥ 2.2.0, < 2.2.3; +2 more | published 2021-05-14
CWE-369 (divide by zero). TensorFlow is an end-to-end open source platform for machine learning. The implementation of the `EmbeddingLookup` TFLite operator is vulnerable to a division by zero error (https://github.com/tensorflow/tensorflow/blob/e4b29809543b250bc9b19678ec4776299dd569ba/tensorflow/lite/kernels/embedding_lookup.cc#L73-L74). An attacker can craft a model such that
Source: nvd
CVE-2021-29616 | HIGH | CVSS 7.8 | affected: < 2.1.4 (fixed in 2.1.4); ≥ 2.2.0, < 2.2.3; +2 more | published 2021-05-14
CWE-476 (NULL pointer dereference). TensorFlow is an end-to-end open source platform for machine learning. The implementation of TrySimplify (https://github.com/tensorflow/tensorflow/blob/c22d88d6ff33031aa113e48aa3fc9aa74ed79595/tensorflow/core/grappler/optimizers/arithmetic_optimizer.cc#L390-L401) has undefined behavior due to dereferencing a null pointer in corner cases that result in
Source: nvd
CVE-2021-29589 | HIGH | CVSS 7.8 | affected: < 2.1.4 (fixed in 2.1.4); ≥ 2.2.0, < 2.2.3; +2 more | published 2021-05-14
CWE-369 (divide by zero). TensorFlow is an end-to-end open source platform for machine learning. The reference implementation of the `GatherNd` TFLite operator is vulnerable to a division by zero error (https://github.com/tensorflow/tensorflow/blob/0d45ea1ca641b21b73bcf9c00e0179cda284e7e7/tensorflow/lite/kernels/internal/reference/reference_ops.h#L966). An attacker can craft a m
Source: nvd
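Most of the TFLite entries on this page (the `ComputeOutSize` and pooling stride checks in CVE-2021-29585 and CVE-2021-29586, the `SpaceToDepth` divisor in CVE-2021-29587, the `ArgMin`/`ArgMax` axis in CVE-2021-29603, and the `Reshape` target-shape case in CVE-2021-29592) share one root cause: a number read straight from the model file reaches a division or an array index without a range check. The block below is an added example, not TensorFlow or TFLite code, showing the pre-flight checks a model loader can apply to such parameters before a kernel sees them. The operator dictionaries, their field names (`stride`, `axis`, `block_size`, `shape`) and the sample model are constructed for this example; the SAME/VALID output-size formula is the standard one and is not claimed to be a line-for-line copy of the TFLite implementation.

```python
"""Pre-flight validation of model-controlled operator parameters.

Added example, not TensorFlow or TFLite code. Each check refuses the
value that the corresponding TFLite kernel used unchecked: a zero stride
or block size as a divisor, an axis outside the shape array, a Reshape
target whose element count does not match its input. Operator dicts,
field names and the sample model are constructed for this example.
"""
from math import prod


class InvalidOperator(ValueError):
    """Raised when a model-supplied parameter would make a kernel misbehave."""


def out_size(padding, image_size, filter_size, stride, dilation=1):
    """Spatial output size of a windowed op using the usual SAME/VALID formula.
    A zero stride is rejected before it can reach the division."""
    if stride <= 0 or dilation <= 0:
        raise InvalidOperator(f"stride/dilation must be positive, got {stride}/{dilation}")
    effective_filter = (filter_size - 1) * dilation + 1
    if padding == "SAME":
        return (image_size + stride - 1) // stride
    if padding == "VALID":
        return max(0, (image_size + stride - effective_filter) // stride)
    raise InvalidOperator(f"unknown padding {padding!r}")


def normalize_axis(axis, rank):
    """Map a possibly negative axis into [0, rank). Anything else would be
    used to index the shape array out of bounds."""
    if rank <= 0 or not -rank <= axis < rank:
        raise InvalidOperator(f"axis {axis} out of range for rank {rank}")
    return axis % rank


def space_to_depth_shape(shape, block_size):
    """Output shape of SpaceToDepth on an NHWC tensor. The block size must be
    positive and divide both spatial dims before it is used as a divisor."""
    if len(shape) != 4:
        raise InvalidOperator(f"expected NHWC input, got rank {len(shape)}")
    n, h, w, c = shape
    if block_size <= 0:
        raise InvalidOperator(f"block_size must be positive, got {block_size}")
    if h % block_size or w % block_size:
        raise InvalidOperator(f"block_size {block_size} does not divide {h}x{w}")
    return [n, h // block_size, w // block_size, c * block_size * block_size]


def reshape_shape(input_shape, target):
    """Resolve a Reshape target that may hold one -1. The element count must
    match exactly; run the target through here whether it came from an
    attribute or from the elements of a 1-D tensor."""
    target = list(target)
    if target.count(-1) > 1 or any(d < -1 for d in target):
        raise InvalidOperator(f"malformed target shape {target}")
    total = prod(input_shape)
    known = prod(d for d in target if d != -1)
    if -1 in target:
        if known == 0 or total % known:
            raise InvalidOperator(f"cannot infer -1: {total} elements into {target}")
        target = [total // known if d == -1 else d for d in target]
    elif known != total:
        raise InvalidOperator(f"{target} holds {known} elements, input holds {total}")
    return target


def check_model(ops):
    """Run each constructed operator through its check; report what a loader
    would accept (with the computed result) or reject (with the reason)."""
    report = []
    for op in ops:
        kind = op["op"]
        try:
            if kind == "MAX_POOL_2D":
                _, h, w, _ = op["input"]
                fh, fw = op["filter"]
                sh, sw = op["stride"]
                result = [out_size(op["padding"], h, fh, sh),
                          out_size(op["padding"], w, fw, sw)]
            elif kind == "ARG_MAX":
                result = normalize_axis(op["axis"], len(op["input"]))
            elif kind == "SPACE_TO_DEPTH":
                result = space_to_depth_shape(op["input"], op["block_size"])
            elif kind == "RESHAPE":
                result = reshape_shape(op["input"], op["shape"])
            else:
                raise InvalidOperator(f"no validator for {kind}")
            report.append((kind, "ok", result))
        except InvalidOperator as exc:
            report.append((kind, "rejected", str(exc)))
    return report


# Constructed sample model: each hostile op carries the parameter one of the
# entries above describes (zero stride, bad axis, zero block size, bad shape).
SAMPLE_OPS = [
    {"op": "MAX_POOL_2D", "input": [1, 32, 32, 3], "filter": [2, 2], "stride": [2, 2], "padding": "SAME"},
    {"op": "MAX_POOL_2D", "input": [1, 32, 32, 3], "filter": [2, 2], "stride": [0, 2], "padding": "SAME"},
    {"op": "ARG_MAX", "input": [1, 10], "axis": -1},
    {"op": "ARG_MAX", "input": [1, 10], "axis": 7},
    {"op": "SPACE_TO_DEPTH", "input": [1, 8, 8, 3], "block_size": 0},
    {"op": "RESHAPE", "input": [2, 3, 4], "shape": [4, -1]},
    {"op": "RESHAPE", "input": [2, 3, 4], "shape": [5, -1]},
]

if __name__ == "__main__":
    for line in check_model(SAMPLE_OPS):
        print(*line)
```

Running the sample accepts the three well-formed operators and rejects the other four before any arithmetic is done on their parameters. The point that generalizes beyond these four ops is that a model file is attacker-controlled input: every integer a kernel reads from it should pass a range check in the loader, and the patched versions listed above are the ones where TensorFlow added those checks itself.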