Google Tensorflow vulnerabilities
432 known vulnerabilities affecting google/tensorflow.
Total CVEs: 432
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 18, HIGH 234, MEDIUM 178, LOW 2
Vulnerabilities
CVE-2022-36005 | HIGH | CVSS 7.5 | CWE-617 | fixed in 2.7.2 | ≥ 2.8.0, < 2.8.1 | +2 more | 2022-09-16
TensorFlow is an open source platform for machine learning. When `tf.quantization.fake_quant_with_min_max_vars_gradient` receives input `min` or `max` that is nonscalar, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit f3cf67ac5705f4f04721d15e485e192bb319feed. The fix will be included in T
nvd
CVE-2022-35959 | HIGH | CVSS 7.5 | CWE-617 | ≥ 2.7.0, < 2.7.2 | v2.8.0 | +2 more | 2022-09-16
TensorFlow is an open source platform for machine learning. The implementation of `AvgPool3DGradOp` does not fully validate the input `orig_input_shape`. This results in an overflow that results in a `CHECK` failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 9178ac9d6389bdc54638ab913ea0e419234d14
nvd
CVE-2022-36004 | HIGH | CVSS 7.5 | CWE-617 | fixed in 2.7.2 | ≥ 2.8.0, < 2.8.1 | +2 more | 2022-09-16
TensorFlow is an open source platform for machine learning. When `tf.random.gamma` receives large input shape and rates, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 552bfced6ce4809db5f3ca305f60ff80dd40c5a3. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this co
nvd
CVE-2022-35994 | HIGH | CVSS 7.5 | CWE-617 | fixed in 2.7.2 | ≥ 2.8.0, < 2.8.1 | +2 more | 2022-09-16
TensorFlow is an open source platform for machine learning. When `CollectiveGather` receives a scalar input `input`, it gives a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit c1f491817dec39a26be3c574e86a88c30f3c4770. The fix will be included in TensorFlow 2.10.0. We will also cherrypic
nvd
CVE-2022-36001 | HIGH | CVSS 7.5 | CWE-617 | fixed in 2.7.2 | ≥ 2.8.0, < 2.8.1 | +2 more | 2022-09-16
TensorFlow is an open source platform for machine learning. When `DrawBoundingBoxes` receives an input `boxes` that is not of dtype `float`, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit da0d65cdc1270038e72157ba35bf74b85d9bda11. The fix will be included in TensorFlow 2.10.0. We will als
nvd
CVE-2022-35967 | HIGH | CVSS 7.5 | CWE-20 | ≥ 2.7.0, < 2.7.2 | ≥ 2.8.0, < 2.8.1 | +2 more | 2022-09-16
TensorFlow is an open source platform for machine learning. If `QuantizedAdd` is given `min_input` or `max_input` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 49b3824d83af706df0ad07e4e677d88659756d89. The fix will be included in TensorFlow 2.10.0.
nvd
CVE-2022-35984 | HIGH | CVSS 7.5 | CWE-617 | fixed in 2.7.2 | ≥ 2.8.0, < 2.8.1 | +2 more | 2022-09-16
TensorFlow is an open source platform for machine learning. `ParameterizedTruncatedNormal` assumes `shape` is of type `int32`. A valid `shape` of type `int64` results in a mismatched type `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 72180be03447a10810edca700cbc9af690dfeb51. The fix wil
nvd
CVE-2022-35986 | HIGH | CVSS 7.5 | CWE-20 | fixed in 2.7.2 | ≥ 2.8.0, < 2.8.1 | +2 more | 2022-09-16
TensorFlow is an open source platform for machine learning. If `RaggedBincount` is given an empty input tensor `splits`, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 7a4591fd4f065f4fa903593bc39b2f79530a74b8. The fix will be included in TensorFlow 2.10.0. We will also cherryp
nvd
CVE-2022-35968 | HIGH | CVSS 7.5 | CWE-617 | ≥ 2.7.0, < 2.7.2 | ≥ 2.8.0, < 2.8.1 | +2 more | 2022-09-16
TensorFlow is an open source platform for machine learning. The implementation of `AvgPoolGrad` does not fully validate the input `orig_input_shape`. This results in a `CHECK` failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 3a6ac52664c6c095aa2b114e742b0aa17fdce78f. The fix will be included in
nvd
CVE-2022-35982 | HIGH | CVSS 7.5 | CWE-20 | fixed in 2.7.2 | ≥ 2.8.0, < 2.8.1 | +2 more | 2022-09-16
TensorFlow is an open source platform for machine learning. If `SparseBincount` is given inputs for `indices`, `values`, and `dense_shape` that do not make a valid sparse tensor, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 40adbe4dd15b582b0210dfbf40c243a62f5119fa. The fix wi
nvd
CVE-2022-36018 | HIGH | CVSS 7.5 | CWE-617 | fixed in 2.7.2 | ≥ 2.8.0, < 2.8.1 | +2 more | 2022-09-16
TensorFlow is an open source platform for machine learning. If `RaggedTensorToVariant` is given a `rt_nested_splits` list that contains tensors of ranks other than one, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 88f93dfe691563baa4ae1e80ccde2d5c7a143821. The fix will b
nvd
CVE-2022-35993 | HIGH | CVSS 7.5 | CWE-617 | fixed in 2.7.2 | ≥ 2.8.0, < 2.8.1 | +2 more | 2022-09-16
TensorFlow is an open source platform for machine learning. When `SetSize` receives an input `set_shape` that is not a 1D tensor, it gives a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit cf70b79d2662c0d3c6af74583641e345fc939467. The fix will be included in TensorFlow 2.10.0. We will al
nvd
CVE-2022-35995 | HIGH | CVSS 7.5 | CWE-617 | fixed in 2.7.2 | ≥ 2.8.0, < 2.8.1 | +2 more | 2022-09-16
TensorFlow is an open source platform for machine learning. When `AudioSummaryV2` receives an input `sample_rate` with more than one element, it gives a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit bf6b45244992e2ee543c258e519489659c99fb7f. The fix will be included in TensorFlow 2.10.0.
nvd
CVE-2022-35987 | HIGH | CVSS 7.5 | CWE-617 | fixed in 2.7.2 | ≥ 2.8.0, < 2.8.1 | +2 more | 2022-09-16
TensorFlow is an open source platform for machine learning. `DenseBincount` assumes its input tensor `weights` to either have the same shape as its input tensor `input` or to be length-0. A different `weights` shape will trigger a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit bf4c14353c
nvd
CVE-2022-36000 | HIGH | CVSS 7.5 | CWE-476 | fixed in 2.7.2 | ≥ 2.8.0, < 2.8.1 | +2 more | 2022-09-16
TensorFlow is an open source platform for machine learning. When `mlir::tfg::ConvertGenericFunctionToFunctionDef` is given empty function attributes, it gives a null dereference. We have patched the issue in GitHub commit aed36912609fc07229b4d0a7b44f3f48efc00fd0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on Ten
nvd
CVE-2022-35972 | HIGH | CVSS 7.5 | CWE-20 | ≥ 2.7.0, < 2.7.2 | ≥ 2.8.0, < 2.8.1 | +2 more | 2022-09-16
TensorFlow is an open source platform for machine learning. If `QuantizedBiasAdd` is given `min_input`, `max_input`, `min_bias`, `max_bias` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will be inclu
nvd
CVE-2022-36011 | HIGH | CVSS 7.5 | CWE-476 | fixed in 2.7.2 | ≥ 2.8.0, < 2.8.1 | +2 more | 2022-09-16
TensorFlow is an open source platform for machine learning. When `mlir::tfg::ConvertGenericFunctionToFunctionDef` is given empty function attributes, it gives a null dereference. We have patched the issue in GitHub commit 1cf45b831eeb0cab8655c9c7c5d06ec6f45fc41b. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on Ten
nvd
CVE-2022-35979 | HIGH | CVSS 7.5 | CWE-20 | fixed in 2.7.2 | ≥ 2.8.0, < 2.8.1 | +2 more | 2022-09-16
TensorFlow is an open source platform for machine learning. If `QuantizedRelu` or `QuantizedRelu6` are given nonscalar inputs for `min_features` or `max_features`, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 49b3824d83af706df0ad07e4e677d88659756d89. The fix will be included
nvd
CVE-2022-35940 | HIGH | CVSS 7.5 | CWE-190 | ≥ 2.7.0, < 2.7.2 | ≥ 2.8.0, < 2.8.1 | +2 more | 2022-09-16
TensorFlow is an open source platform for machine learning. The `RaggedRangOp` function takes an argument `limits` that is eventually used to construct a `TensorShape` as an `int64`. If `limits` is a very large float, it can overflow when converted to an `int64`. This triggers an `InvalidArgument` but also throws an abort signal that crashes the progr
nvd
CVE-2022-35989 | HIGH | CVSS 7.5 | CWE-617 | fixed in 2.7.2 | ≥ 2.8.0, < 2.8.1 | +2 more | 2022-09-16
TensorFlow is an open source platform for machine learning. When `MaxPool` receives a window size input array `ksize` with dimensions greater than its input tensor `input`, the GPU kernel gives a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 32d7bd3defd134f21a4e344c8dfd40099aaf6b18. The
nvd