Vulnerabilities > Google > Tensorflow

DATE CVE VULNERABILITY TITLE RISK
2020-09-25 CVE-2020-15213 Allocation of Resources Without Limits or Throttling vulnerability in Google Tensorflow 2.2.0/2.3.0
In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a denial of service by causing an out of memory allocation in the implementation of segment sum.
network
high complexity
google CWE-770
4.0
2020-09-25 CVE-2020-15212 Out-of-bounds Write vulnerability in Google Tensorflow 2.2.0/2.3.0
In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor.
network
low complexity
google CWE-787
8.6
2020-09-25 CVE-2020-15211 In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors.
network
high complexity
google opensuse
4.8
2020-09-25 CVE-2020-15210 Out-of-bounds Write vulnerability in multiple products
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption.
network
high complexity
google opensuse CWE-787
6.5
2020-09-25 CVE-2020-15209 In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer.
network
high complexity
google opensuse
5.9
2020-09-25 CVE-2020-15208 In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation modes.
network
low complexity
google opensuse
critical
9.8
2020-09-25 CVE-2020-15207 Out-of-bounds Write vulnerability in multiple products
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, to mimic Python's indexing with negative values, TFLite uses `ResolveAxis` to convert negative values to positive indices.
network
high complexity
google opensuse CWE-787
critical
9.0
2020-09-25 CVE-2020-15206 In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, changing the TensorFlow's `SavedModel` protocol buffer and altering the name of required keys results in segfaults and data corruption while loading the model.
network
low complexity
google opensuse
7.5
2020-09-25 CVE-2020-15205 Out-of-bounds Write vulnerability in multiple products
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `data_splits` argument of `tf.raw_ops.StringNGrams` lacks validation.
network
low complexity
google opensuse CWE-787
critical
9.8
2020-09-25 CVE-2020-15204 In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 does not set the session state.
network
low complexity
google opensuse
5.3