Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-35992: Check for element_shape in TensorListFromTensor · tensorflow/tensorflow@3db59a0

TensorFlow is an open source platform for machine learning. When TensorListFromTensor receives an element_shape of a rank greater than one, it gives a CHECK fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 3db59a042a38f4338aa207922fa2f476e000a6ee. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

CVE
Open in Source
#mac#dos#git

@@ -584,6 +584,17 @@ def testTensorListFromTensor(self): self.assertAllEqual(e, 1.0) self.assertAllEqual(list_ops.tensor_list_length(l), 0)
def testTensorListFromTensorFailsWhenElementShapeIsNotVector(self): t = constant_op.constant([1.0, 2.0]) # In Eager mode, InvalidArgumentError is generated by the Compute function. # In graph mode, ValueError is generated by the shape function. with self.assertRaisesRegex( (errors.InvalidArgumentError, ValueError), “must be at most rank 1”): # Wrong element_shape. Should be at most rank 1. l = list_ops.tensor_list_from_tensor(t, element_shape=[[1]]) self.evaluate(l)
@test_util.run_gpu_only def testFromTensorGPU(self): with context.device(“gpu:0”):

Related news

GHSA-9v8w-xmr4-wgxp: TensorFlow vulnerable to `CHECK` fail in `TensorListFromTensor`

### Impact When `TensorListFromTensor` receives an `element_shape` of a rank greater than one, it gives a `CHECK` fail that can trigger a denial of service attack. ```python import tensorflow as tf arg_0=tf.random.uniform(shape=(6, 6, 2), dtype=tf.bfloat16, maxval=None) arg_1=tf.random.uniform(shape=(6, 9, 1, 3), dtype=tf.int64, maxval=65536) arg_2='' tf.raw_ops.TensorListFromTensor(tensor=arg_0, element_shape=arg_1, name=arg_2) ``` ### Patches We have patched the issue in GitHub commit [3db59a042a38f4338aa207922fa2f476e000a6ee](https://github.com/tensorflow/tensorflow/commit/3db59a042a38f4338aa207922fa2f476e000a6ee). The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. ### For more information Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the securit...

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE