Google Tensorflow vulnerabilities

CVE-2020-15191 [MEDIUM] CWE-20 CVE-2020-15191: In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to `dlpack.to_dl In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to `dlpack.to_dlpack` the expected validations will cause variables to bind to `nullptr` while setting a `status` variable to the error condition. However, this `status` argument is not properly checked. Hence, code following these methods will bind references to null

CVE-2020-15194 [MEDIUM] CWE-20 CVE-2020-15194: In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `SparseFillEmptyRowsGrad` i In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `SparseFillEmptyRowsGrad` implementation has incomplete validation of the shapes of its arguments. Although `reverse_index_map_t` and `grad_values_t` are accessed in a similar pattern, only `reverse_index_map_t` is validated to be of proper shape. Hence, malicious users can pass

CVE-2020-15200 [MEDIUM] CWE-20 CVE-2020-15200: In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` implementation does not validate t In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the values in the `splits` tensor generate a valid partitioning of the `values` tensor. Thus, the code sets up conditions to cause a heap buffer overflow. A

CVE-2018-21233 [MEDIUM] CWE-125 CVE-2018-21233: TensorFlow before 1.7.0 has an integer overflow that causes an out-of-bounds read, possibly causing TensorFlow before 1.7.0 has an integer overflow that causes an out-of-bounds read, possibly causing disclosure of the contents of process memory. This occurs in the DecodeBmp feature of the BMP decoder in core/kernels/decode_bmp_op.cc.

CVE-2020-5215 [HIGH] CWE-754 CVE-2020-5215: In TensorFlow before 1.15.2 and 2.0.1, converting a string (from Python) to a tf.float16 value resul In TensorFlow before 1.15.2 and 2.0.1, converting a string (from Python) to a tf.float16 value results in a segmentation fault in eager mode as the format checks for this use case are only in the graph mode. This issue can lead to denial of service in inference/training where a malicious attacker can send a data point which contains a string instead of

CVE-2019-16778 [CRITICAL] CWE-122 CVE-2019-16778: In TensorFlow before 1.15, a heap buffer overflow in UnsortedSegmentSum can be produced when the Ind In TensorFlow before 1.15, a heap buffer overflow in UnsortedSegmentSum can be produced when the Index template argument is int32. In this case data_size and num_segments fields are truncated from int64 to int32 and can produce negative numbers, resulting in accessing out of bounds heap memory. This is unlikely to be exploitable and was detected a

CVE-2018-7575 [CRITICAL] CWE-190 CVE-2018-7575: Google TensorFlow 1.7.x and earlier is affected by a Buffer Overflow vulnerability. The type of expl Google TensorFlow 1.7.x and earlier is affected by a Buffer Overflow vulnerability. The type of exploitation is context-dependent.

CVE-2018-7577 [HIGH] CWE-20 CVE-2018-7577: Memcpy parameter overlap in Google Snappy library 1.1.4, as used in Google TensorFlow before 1.7.1, Memcpy parameter overlap in Google Snappy library 1.1.4, as used in Google TensorFlow before 1.7.1, could result in a crash or read from other parts of process memory.

CVE-2018-10055 [HIGH] CWE-119 CVE-2018-10055: Invalid memory access and/or a heap buffer overflow in the TensorFlow XLA compiler in Google TensorF Invalid memory access and/or a heap buffer overflow in the TensorFlow XLA compiler in Google TensorFlow before 1.7.1 could cause a crash or read from other parts of process memory via a crafted configuration file.

CVE-2019-9635 [MEDIUM] CWE-476 CVE-2019-9635: NULL pointer dereference in Google TensorFlow before 1.12.2 could cause a denial of service via an i NULL pointer dereference in Google TensorFlow before 1.12.2 could cause a denial of service via an invalid GIF file.

CVE-2018-8825 [HIGH] CWE-119 CVE-2018-8825: Google TensorFlow 1.7 and below is affected by: Buffer Overflow. The impact is: execute arbitrary co Google TensorFlow 1.7 and below is affected by: Buffer Overflow. The impact is: execute arbitrary code (local).

CVE-2018-7576 [MEDIUM] CWE-476 CVE-2018-7576: Google TensorFlow 1.6.x and earlier is affected by: Null Pointer Dereference. The type of exploitati Google TensorFlow 1.6.x and earlier is affected by: Null Pointer Dereference. The type of exploitation is: context-dependent.