Google Tensorflow vulnerabilities

CVE-2023-25663 [HIGH] CWE-476 CVE-2023-25663: TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, whe TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when `ctx->step_containter()` is a null ptr, the Lookup function will be executed with a null pointer. A fix is included in TensorFlow 2.12.0 and 2.11.1.

CVE-2023-25671 [HIGH] CWE-787 CVE-2023-25671: TensorFlow is an open source platform for machine learning. There is out-of-bounds access due to mis TensorFlow is an open source platform for machine learning. There is out-of-bounds access due to mismatched integer type sizes. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.

CVE-2023-25669 [HIGH] CWE-697 CVE-2023-25669: TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the stride and window size are not positive for `tf.raw_ops.AvgPoolGrad`, it can give a floating point exception. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.

CVE-2023-25675 [HIGH] CWE-697 CVE-2023-25675: TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2. TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, `tf.raw_ops.Bincount` segfaults when given a parameter `weights` that is neither the same shape as parameter `arr` nor a length-0 tensor. A fix is included in TensorFlow 2.12.0 and 2.11.1.

CVE-2023-25662 [HIGH] CWE-190 CVE-2023-25662: TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 are TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 are vulnerable to integer overflow in EditDistance. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.

CVE-2022-41902 [HIGH] CWE-787 CVE-2022-41902: TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem ta TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We have patched the issue in GitHub commit a65411a1d69edfb16b2

CVE-2022-41910 [MEDIUM] CWE-125 CVE-2022-41910: TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem ta TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We have patched the issue in GitHub commit a65411a1d69edfb16

CVE-2022-41900 [HIGH] CWE-125 CVE-2022-41900: TensorFlow is an open source platform for machine learning. The security vulnerability results in Fr TensorFlow is an open source platform for machine learning. The security vulnerability results in FractionalMax(AVG)Pool with illegal pooling_ratio. Attackers using Tensorflow can exploit the vulnerability. They can access heap memory which is not in the control of user, leading to a crash or remote code execution. We have patched the issue in GitHub

CVE-2022-41880 [MEDIUM] CWE-125 CVE-2022-41880: TensorFlow is an open source platform for machine learning. When the `BaseCandidateSamplerOp` functi TensorFlow is an open source platform for machine learning. When the `BaseCandidateSamplerOp` function receives a value in `true_classes` larger than `range_max`, a heap oob read occurs. We have patched the issue in GitHub commit b389f5c944cadfdfe599b3f1e4026e036f30d2d4. The fix will be included in TensorFlow 2.11. We will also cherrypick this commi

CVE-2022-41895 [MEDIUM] CWE-125 CVE-2022-41895: TensorFlow is an open source platform for machine learning. If `MirrorPadGrad` is given outsize inpu TensorFlow is an open source platform for machine learning. If `MirrorPadGrad` is given outsize input `paddings`, TensorFlow will give a heap OOB error. We have patched the issue in GitHub commit 717ca98d8c3bba348ff62281fdf38dcb5ea1ec92. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and

CVE-2022-41888 [MEDIUM] CWE-20 CVE-2022-41888: TensorFlow is an open source platform for machine learning. When running on GPU, `tf.image.generate_ TensorFlow is an open source platform for machine learning. When running on GPU, `tf.image.generate_bounding_box_proposals` receives a `scores` input that must be of rank 4 but is not checked. We have patched the issue in GitHub commit cf35502463a88ca7185a99daa7031df60b3c1c98. The fix will be included in TensorFlow 2.11. We will also cherrypick this

CVE-2022-41909 [MEDIUM] CWE-20 CVE-2022-41909: TensorFlow is an open source platform for machine learning. An input `encoded` that is not a valid ` TensorFlow is an open source platform for machine learning. An input `encoded` that is not a valid `CompositeTensorVariant` tensor will trigger a segfault in `tf.raw_ops.CompositeTensorVariantToComponents`. We have patched the issue in GitHub commits bf594d08d377dc6a3354d9fdb494b32d45f91971 and 660ce5a89eb6766834bdc303d2ab3902aef99d3d. The fix will b

CVE-2022-41884 [MEDIUM] CWE-670 CVE-2022-41884: TensorFlow is an open source platform for machine learning. If a numpy array is created with a shape TensorFlow is an open source platform for machine learning. If a numpy array is created with a shape such that one element is zero and the others sum to a large number, an error will be raised. We have patched the issue in GitHub commit 2b56169c16e375c521a3bc8ea658811cc0793784. The fix will be included in TensorFlow 2.11. We will also cherrypick thi

CVE-2022-41911 [MEDIUM] CWE-704 CVE-2022-41911: TensorFlow is an open source platform for machine learning. When printing a tensor, we get it's data TensorFlow is an open source platform for machine learning. When printing a tensor, we get it's data as a `const char*` array (since that's the underlying storage) and then we typecast it to the element type. However, conversions from `char` to `bool` are undefined if the `char` is not `0` or `1`, so sanitizers/fuzzers will crash. The issue has been

CVE-2022-41885 [MEDIUM] CWE-131 CVE-2022-41885: TensorFlow is an open source platform for machine learning. When `tf.raw_ops.FusedResizeAndPadConv2D TensorFlow is an open source platform for machine learning. When `tf.raw_ops.FusedResizeAndPadConv2D` is given a large tensor shape, it overflows. We have patched the issue in GitHub commit d66e1d568275e6a2947de97dca7a102a211e01ce. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and Tenso

CVE-2022-41901 [MEDIUM] CWE-20 CVE-2022-41901: TensorFlow is an open source platform for machine learning. An input `sparse_matrix` that is not a m TensorFlow is an open source platform for machine learning. An input `sparse_matrix` that is not a matrix with a shape with rank 0 will trigger a `CHECK` fail in `tf.raw_ops.SparseMatrixNNZ`. We have patched the issue in GitHub commit f856d02e5322821aad155dad9b3acab1e9f5d693. The fix will be included in TensorFlow 2.11. We will also cherrypick this c

CVE-2022-41886 [MEDIUM] CWE-131 CVE-2022-41886: TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ImageProjectiveTransfor TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ImageProjectiveTransformV2` is given a large output shape, it overflows. We have patched the issue in GitHub commit 8faa6ea692985dbe6ce10e1a3168e0bd60a723ba. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and Te

CVE-2022-41887 [MEDIUM] CWE-131 CVE-2022-41887: TensorFlow is an open source platform for machine learning. `tf.keras.losses.poisson` receives a `y_ TensorFlow is an open source platform for machine learning. `tf.keras.losses.poisson` receives a `y_pred` and `y_true` that are passed through `functor::mul` in `BinaryOp`. If the resulting dimensions overflow an `int32`, TensorFlow will crash due to a size mismatch during broadcast assignment. We have patched the issue in GitHub commit c5b30379ba87

CVE-2022-41899 [MEDIUM] CWE-20 CVE-2022-41899: TensorFlow is an open source platform for machine learning. Inputs `dense_features` or `example_stat TensorFlow is an open source platform for machine learning. Inputs `dense_features` or `example_state_data` not of rank 2 will trigger a `CHECK` fail in `SdcaOptimizer`. We have patched the issue in GitHub commit 80ff197d03db2a70c6a111f97dcdacad1b0babfa. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.

CVE-2022-41893 [MEDIUM] CWE-617 CVE-2022-41893: TensorFlow is an open source platform for machine learning. If `tf.raw_ops.TensorListResize` is give TensorFlow is an open source platform for machine learning. If `tf.raw_ops.TensorListResize` is given a nonscalar value for input `size`, it results `CHECK` fail which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 888e34b49009a4e734c27ab0c43b0b5102682c56. The fix will be included in TensorFlow 2.11. We