CVE-2023-25662: Fix security vulnerability in EditDistance op shape function. · tensorflow/tensorflow@08b8e18

TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 are vulnerable to integer overflow in EditDistance. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.


@@ -15,8 +15,9 @@

“""Tests for tensorflow.kernels.edit_distance_op.""”

import numpy as np

from tensorflow.python.eager import def_function

from tensorflow.python.framework import constant_op

from tensorflow.python.framework import errors

from tensorflow.python.framework import ops

from tensorflow.python.framework import sparse_tensor

from tensorflow.python.ops import array_ops

@@ -225,6 +226,66 @@ def testEditDistanceBadIndices(self):

“to outside of the buffer for the output tensor|”

r"Dimension -\d+ must be >= 0"))

def testEmptyShapeWithEditDistanceRaisesError(self):

para = {

"hypothesis_indices": [[]],

"hypothesis_values": [“tmp/”],

"hypothesis_shape": [],

"truth_indices": [[]],

"truth_values": [“”],

"truth_shape": [],

"normalize": False,

}

# Check edit distance raw op with empty shape in eager mode.

with self.assertRaisesRegex(

(errors.InvalidArgumentError, ValueError),

(

r"Input Hypothesis SparseTensors must have rank at least 2, but"

" hypothesis_shape rank is: 0|Input SparseTensors must have rank "

“at least 2, but truth_shape rank is: 0”

),

):

array_ops.gen_array_ops.EditDistance(**para)

# Check raw op with tf.function

@def_function.function

def TestFunction():

“""Wrapper function for edit distance call.""”

array_ops.gen_array_ops.EditDistance(**para)

with self.assertRaisesRegex(

ValueError,

(

“Input Hypothesis SparseTensors must have rank at least 2, but”

" hypothesis_shape rank is: 0"

),

):

TestFunction()

# Check with python wrapper API

hypothesis_indices = [[]]

hypothesis_values = [0]

hypothesis_shape = []

truth_indices = [[]]

truth_values = [1]

truth_shape = []

expected_output = [] # dummy ignored

with self.assertRaisesRegex(

ValueError,

(

“Input Hypothesis SparseTensors must have rank at least 2, but”

" hypothesis_shape rank is: 0"

),

):

self._testEditDistance(

hypothesis=(hypothesis_indices, hypothesis_values, hypothesis_shape),

truth=(truth_indices, truth_values, truth_shape),

normalize=False,

expected_output=expected_output,

)

if __name__ == "__main__":

test.main()
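Review bot: the eager-mode `assertRaisesRegex` right after `para` accepts both the hypothesis message and the `truth_shape rank is: 0` message, but every input in this test has an empty `hypothesis_shape`, so the truth-side branch of the shape check is never reached; add a case with a rank-2 hypothesis and an empty `truth_shape` so both error paths are covered. The eager assertion also accepts either `errors.InvalidArgumentError` or `ValueError` while the `tf.function` and Python-wrapper assertions accept only `ValueError`; a one-line comment stating why the eager path can raise either would help the next reader.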

Related news

CVE-2023-22062: Oracle Critical Patch Update Advisory - July 2023

Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 8.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L).

GHSA-7jvm-xxmr-v5cw: TensorFlow vulnerable to integer overflow in EditDistance

### Impact

TF version 2.11.0, `//tensorflow/core/ops/array_ops.cc:1067`:

```c++
const Tensor* hypothesis_shape_t = c->input_tensor(2);
std::vector<DimensionHandle> dims(hypothesis_shape_t->NumElements() - 1);
for (int i = 0; i < dims.size(); ++i) {
  dims[i] = c->MakeDim(std::max(h_values(i), t_values(i)));
}
```

If `hypothesis_shape_t` is empty, `hypothesis_shape_t->NumElements() - 1` will integer overflow, and it will deadlock.

```python
import tensorflow as tf

para = {
    'hypothesis_indices': [[]],
    'hypothesis_values': ['tmp/'],
    'hypothesis_shape': [],
    'truth_indices': [[]],
    'truth_values': [''],
    'truth_shape': [],
    'normalize': False
}
tf.raw_ops.EditDistance(**para)
```

### Patches

We have patched the issue in GitHub commit [08b8e18643d6dcde00890733b270ff8d9960c56c](https://github.com/tensorflow/tensorflow/commit/08b8e18643d6dcde00890733b270ff8d9960c56c). The fix will be included in TensorFlow 2.12.0. We will also cherrypick this commit on TensorFlow 2.11.1.

### For...
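The advisory above shows how `NumElements() - 1` on an empty shape tensor goes wrong. The following is an added C++ model of that defect beside its checked form, not TensorFlow's own code; `ShapeCheck`, `UncheckedDimCount`, `AsVectorSize` and `CheckedOutputDims` are hypothetical names, and the equal-rank check is an assumption of the model.

```cpp
// Model of the EditDistance shape-function defect from the advisory above.
// Added illustration, not TensorFlow's own code; all names are hypothetical.
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

struct ShapeCheck {
  bool ok;                    // true when both shapes pass validation
  std::string error;          // reason when ok == false
  std::vector<int64_t> dims;  // inferred output dims when ok == true
};

// Pre-fix logic: output rank is taken as num_elements(hypothesis_shape) - 1
// with no rank check. An empty shape tensor gives -1 here.
int64_t UncheckedDimCount(const std::vector<int64_t>& hypothesis_shape) {
  return static_cast<int64_t>(hypothesis_shape.size()) - 1;
}

// That -1 is then used as a std::vector size, i.e. converted to size_t,
// which wraps to SIZE_MAX: an absurd allocation request instead of an error.
size_t AsVectorSize(int64_t n) { return static_cast<size_t>(n); }

// Post-fix logic: reject rank < 2 before the subtraction, using the message
// text the new test expects. The equal-rank check is my assumption.
ShapeCheck CheckedOutputDims(const std::vector<int64_t>& hypothesis_shape,
                             const std::vector<int64_t>& truth_shape) {
  if (hypothesis_shape.size() < 2) {
    return {false,
            "Input Hypothesis SparseTensors must have rank at least 2, but "
            "hypothesis_shape rank is: " + std::to_string(hypothesis_shape.size()),
            {}};
  }
  if (truth_shape.size() < 2) {
    return {false,
            "Input SparseTensors must have rank at least 2, but truth_shape "
            "rank is: " + std::to_string(truth_shape.size()),
            {}};
  }
  if (hypothesis_shape.size() != truth_shape.size()) {
    return {false, "hypothesis_shape and truth_shape must have the same rank", {}};
  }
  // Output drops the last (sequence) axis; each kept dim is the max of the two.
  std::vector<int64_t> dims(hypothesis_shape.size() - 1);
  for (size_t i = 0; i < dims.size(); ++i) {
    dims[i] = std::max(hypothesis_shape[i], truth_shape[i]);
  }
  return {true, "", dims};
}
```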
