Mihaimaruseac

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.9.0 TensorFlow versions prior to 2.8.1 TensorFlow versions prior to 2.7.2 TensorFlow versions prior to 2.6.4 **Description** TensorFlow is an open source platform for machine learning. The macros that TensorFlow uses for writing assertions (e.g., `CHECK LT`, `CHECK GT`, etc.) have an incorrect logic when comparing `size t` and `int` values. Due to type conversion rules, several of the macros would trigger incorrectly. **Recommendations** For versions prior to 2.9.0, update to version 2.9.0 or later. For versions prior to 2.8.1, update to version 2.8.1 or later. For versions prior to 2.7.2, update to version 2.7.2 or later. For versions prior to 2.6.4, update to version 2.6.4 or later.

**Name of the Vulnerable Software and Affected Versions** TensorFlow version 2.8.0 **Description** The issue arises from the `TensorKey` hash function using total estimated `AllocatedBytes()`, which is an estimate per tensor and a poor hash function for constants, such as `int32 t`. It also attempts to access individual tensor bytes through `tensor.data()` of size `AllocatedBytes()`, leading to ASAN failures because `AllocatedBytes()` is an estimate of total bytes allocated by a tensor, including pointed-to constructs like strings, and does not refer to contiguous bytes in the `.data()` buffer. The discoverers could not use this byte vector anyway because types like `tstring` include pointers, whereas they needed to hash the string values themselves. **Recommendations** For version 2.8.0, update to version 2.8.1 or 2.9.0 to resolve the issue. For versions prior to 2.8.1 and 2.9.0, update to version 2.8.1 or 2.9.0 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.9.0 TensorFlow versions prior to 2.8.1 TensorFlow versions prior to 2.7.2 TensorFlow versions prior to 2.6.4 **Description** TensorFlow is an open source platform for machine learning. Certain TFLite models that were created using TFLite model converter would crash when loaded in the TFLite interpreter. The issue arises because during quantization, the scale of values could be greater than 1, but the code always assumes sub-unit scaling. As a result, the code calls `QuantizeMultiplierSmallerThanOneExp`, triggering the `TFLITE CHECK LT` assertion and aborting the process. **Recommendations** For versions prior to 2.9.0, update to version 2.9.0 or later. For versions prior to 2.8.1, update to version 2.8.1 or later. For versions prior to 2.7.2, update to version 2.7.2 or later. For versions prior to 2.6.4, update to version 2.6.4 or later.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.9.0 TensorFlow versions prior to 2.8.1 TensorFlow versions prior to 2.7.2 TensorFlow versions prior to 2.6.4 **Description** The implementation of `tf.ragged.constant` does not fully validate the input arguments, resulting in a denial of service by consuming all available memory. This issue can be exploited by passing specific arguments to the `tf.ragged.constant` function, such as `pylist=[]` and `ragged rank=8968073515812833920`. **Recommendations** For versions prior to 2.9.0, update to version 2.9.0 or later. For versions prior to 2.8.1, update to version 2.8.1 or later. For versions prior to 2.7.2, update to version 2.7.2 or later. For versions prior to 2.6.4, update to version 2.6.4 or later. As a temporary workaround, consider restricting the use of the `tf.ragged.constant` function until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.9.0 TensorFlow versions prior to 2.8.1 TensorFlow versions prior to 2.7.2 TensorFlow versions prior to 2.6.4 **Description** The issue is related to the lack of input validation in the `tf.compat.v1.signal.rfft2d` and `tf.compat.v1.signal.rfft3d` functions, which can result in crashes due to `CHECK`-failures under certain conditions. **Recommendations** For versions prior to 2.9.0, update to version 2.9.0 or later. For versions prior to 2.8.1, update to version 2.8.1 or later. For versions prior to 2.7.2, update to version 2.7.2 or later. For versions prior to 2.6.4, update to version 2.6.4 or later.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.8.0 TensorFlow versions 2.7.0 through 2.7.1 TensorFlow versions 2.6.0 through 2.6.3 TensorFlow versions 2.5.0 through 2.5.3 **Description** TensorFlow is vulnerable to a heap out-of-bounds (OOB) write in `Grappler`. The `set output` function writes to an array at the specified index, giving a malicious user a write primitive. **Recommendations** For versions prior to 2.8.0, update to TensorFlow 2.8.0 or later. For versions 2.7.0 through 2.7.1, update to TensorFlow 2.7.1. For versions 2.6.0 through 2.6.3, update to TensorFlow 2.6.3. For versions 2.5.0 through 2.5.3, update to TensorFlow 2.5.3.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.8.0 TensorFlow versions 2.7.1, 2.6.3, and 2.5.3 are also affected **Description** A malicious user can cause a denial of service by altering a `SavedModel` such that any binary op would trigger `CHECK` failures. This occurs when the protobuf part corresponding to the tensor arguments is modified such that the `dtype` no longer matches the `dtype` expected by the op. If `Tin` and `Tout` don't match the type of data in `out` and `input *` tensors then `flat<*>` would interpret it wrongly, resulting in a `CHECK` crash and hence a denial of service. **Recommendations** For TensorFlow versions prior to 2.8.0, update to version 2.8.0 or later to resolve the issue. For TensorFlow version 2.7.1, update to a newer version that includes the cherrypicked commit. For TensorFlow version 2.6.3, update to a newer version that includes the cherrypicked commit. For TensorFlow version 2.5.3, update to a newer version that includes the cherrypicked commit. As a temporary workaround, consider restricting the use of `SavedModel` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.8.0 TensorFlow versions 2.7.0 through 2.7.0 (will be fixed in 2.7.1) TensorFlow versions 2.6.0 through 2.6.2 (will be fixed in 2.6.3) TensorFlow versions 2.5.0 through 2.5.2 (will be fixed in 2.5.3) **Description** A malicious user can cause a use after free behavior when decoding PNG images. After `png::CommonFreeDecode(&decode)` gets called, the values of `decode.width` and `decode.height` are in an unspecified state. **Recommendations** For versions prior to 2.8.0, update to TensorFlow 2.8.0 or later. For versions 2.7.0 through 2.7.0, update to TensorFlow 2.7.1. For versions 2.6.0 through 2.6.2, update to TensorFlow 2.6.3. For versions 2.5.0 through 2.5.2, update to TensorFlow 2.5.3. As a temporary workaround, consider avoiding the use of PNG image decoding until a patch is available.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.8.0 TensorFlow versions 2.7.1 and earlier TensorFlow versions 2.6.3 and earlier TensorFlow versions 2.5.3 and earlier **Description** During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user. The issue arises from the allocation of a vector based on the `num dims` value, which is controlled by the user through a tensor. This can lead to potential security issues. **Recommendations** For versions prior to 2.8.0, update to TensorFlow 2.8.0 or later. For versions prior to 2.7.1, update to TensorFlow 2.7.1 or later. For versions prior to 2.6.3, update to TensorFlow 2.6.3 or later. For versions prior to 2.5.3, update to TensorFlow 2.5.3 or later. As a temporary workaround, consider restricting the input values to prevent large vector allocations until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.8.0 TensorFlow versions 2.7.1 and earlier TensorFlow versions 2.6.3 and earlier TensorFlow versions 2.5.3 and earlier **Description** The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a `SavedModel` such that `SafeToRemoveIdentity` would trigger `CHECK` failures. **Recommendations** For versions prior to 2.8.0, update to TensorFlow 2.8.0 to resolve the issue. For versions prior to 2.7.1, update to TensorFlow 2.7.1 to resolve the issue. For versions prior to 2.6.3, update to TensorFlow 2.6.3 to resolve the issue. For versions prior to 2.5.3, update to TensorFlow 2.5.3 to resolve the issue. As a temporary workaround, consider disabling the `SafeToRemoveIdentity` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.8.0 TensorFlow versions 2.7.1 and earlier TensorFlow versions 2.6.3 and earlier TensorFlow versions 2.5.3 and earlier **Description** The implementation of `Range` suffers from integer overflows, which can trigger undefined behavior or extremely large allocations. **Recommendations** For versions prior to 2.8.0, update to TensorFlow 2.8.0 or later. For versions prior to 2.7.1, update to TensorFlow 2.7.1 or later. For versions prior to 2.6.3, update to TensorFlow 2.6.3 or later. For versions prior to 2.5.3, update to TensorFlow 2.5.3 or later.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.8.0 TensorFlow versions 2.7.0 through 2.7.1 TensorFlow versions 2.6.0 through 2.6.3 **Description** When decoding a tensor from protobuf, TensorFlow might do a null-dereference if attributes of some mutable arguments to some operations are missing from the proto. This issue is guarded by a `DCHECK`, which is a no-op in production builds, allowing execution to proceed to the dereferencing of the null pointer, and an assertion failure in debug builds, resulting in a crash. **Recommendations** For versions prior to 2.8.0, update to TensorFlow 2.8.0 or later. For versions 2.7.0 through 2.7.1, update to TensorFlow 2.7.1 or later. For versions 2.6.0 through 2.6.3, update to TensorFlow 2.6.3 or later.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.5.3 TensorFlow versions prior to 2.6.3 TensorFlow versions prior to 2.7.1 TensorFlow versions prior to 2.8.0 **Description** When decoding a resource handle tensor from protobuf, a TensorFlow process can encounter cases where a `CHECK` assertion is invalidated based on user-controlled arguments. This allows attackers to cause denial of services in TensorFlow processes. **Recommendations** For versions prior to 2.5.3, update to version 2.5.3 or later. For versions prior to 2.6.3, update to version 2.6.3 or later. For versions prior to 2.7.1, update to version 2.7.1 or later. For versions prior to 2.8.0, update to version 2.8.0 or later.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.8.0 TensorFlow versions 2.7.1, 2.6.3, and 2.5.3 are also affected **Description** An attacker can trigger denial of service via assertion failure by altering a `SavedModel` on disk such that `AttrDef`s of some operation are duplicated. **Recommendations** For versions prior to 2.8.0, update to TensorFlow 2.8.0 or later. For versions 2.7.1, 2.6.3, and 2.5.3, update to the respective cherrypicked versions. As a temporary workaround, consider restricting access to `SavedModel` files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.8.0 TensorFlow versions 2.7.1 and earlier TensorFlow versions 2.6.3 and earlier TensorFlow versions 2.5.3 and earlier **Description** The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a `SavedModel` such that `IsSimplifiableReshape` would trigger `CHECK` failures. **Recommendations** For versions prior to 2.8.0, update to TensorFlow 2.8.0 or later. For versions 2.7.1 and earlier, update to TensorFlow 2.7.1 or later. For versions 2.6.3 and earlier, update to TensorFlow 2.6.3 or later. For versions 2.5.3 and earlier, update to TensorFlow 2.5.3 or later. As a temporary workaround, consider disabling the `IsSimplifiableReshape` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.8.0 TensorFlow versions 2.7.1 and earlier TensorFlow versions 2.6.3 and earlier TensorFlow versions 2.5.3 and earlier **Description** The implementation of `OpLevelCostEstimator::CalculateTensorSize` is vulnerable to an integer overflow if an attacker can create an operation which would involve a tensor with large enough number of elements. This occurs because `count` and `size` can be large enough to cause `count * size` to overflow. **Recommendations** For versions prior to 2.8.0, update to TensorFlow 2.8.0 or later. For versions 2.7.1 and earlier, update to TensorFlow 2.7.1 or later. For versions 2.6.3 and earlier, update to TensorFlow 2.6.3 or later. For versions 2.5.3 and earlier, update to TensorFlow 2.5.3 or later. As a temporary workaround, consider restricting the creation of operations involving large tensors until a patch is available.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.6.3 TensorFlow versions prior to 2.7.1 TensorFlow versions prior to 2.8.0 **Description** There is a typo in TensorFlow's `SpecializeType` which results in heap out-of-bounds read/write. Due to the typo, `arg` is initialized to the `i`th mutable argument in a loop where the loop index is `j`, allowing assignment to `arg` from outside the vector of arguments. This enables both read and write to outside of bounds data. **Recommendations** For versions prior to 2.6.3, update to TensorFlow 2.6.3 or later. For versions prior to 2.7.1, update to TensorFlow 2.7.1 or later. For versions prior to 2.8.0, update to TensorFlow 2.8.0 or later.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.8.0 TensorFlow versions 2.7.1 and earlier TensorFlow versions 2.6.3 and earlier TensorFlow versions 2.5.3 and earlier **Description** The implementation of `OpLevelCostEstimator::CalculateOutputSize` is vulnerable to an integer overflow if an attacker can create an operation which would involve tensors with large enough number of elements. This can occur when there is a large enough number of dimensions in `output shape.dim()` or a small number of dimensions being large enough to cause an overflow in the multiplication. **Recommendations** For versions prior to 2.8.0, update to TensorFlow 2.8.0 or later. For versions 2.7.1 and earlier, update to TensorFlow 2.7.1 or later. For versions 2.6.3 and earlier, update to TensorFlow 2.6.3 or later. For versions 2.5.3 and earlier, update to TensorFlow 2.5.3 or later. As a temporary workaround, consider restricting the number of dimensions in `output shape.dim()` to prevent integer overflow until a patch is available.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.8.0 TensorFlow versions 2.7.1 and earlier TensorFlow versions 2.6.3 and earlier TensorFlow versions 2.5.3 and earlier **Description** The issue arises when a graph node is invalid, causing TensorFlow to leak memory in the implementation of `ImmutableExecutorState::Initialize`. This occurs because `item->kernel` is set to `nullptr`, but it is a simple `OpKernel*` pointer, resulting in a memory leak of previously allocated memory. **Recommendations** For versions prior to 2.8.0, update to TensorFlow 2.8.0 or later to resolve the issue. For versions 2.7.1 and earlier, update to TensorFlow 2.7.1 or later to resolve the issue. For versions 2.6.3 and earlier, update to TensorFlow 2.6.3 or later to resolve the issue. For versions 2.5.3 and earlier, update to TensorFlow 2.5.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.8.0 TensorFlow versions 2.7.1 and earlier TensorFlow versions 2.6.3 and earlier **Description** TensorFlow can fail to specialize a type during shape inference. This issue is covered by the `DCHECK` function, which is a no-op in production builds and an assertion failure in debug builds. As a result, execution proceeds to the `ValueOrDie` line, causing an assertion failure because `ret` contains an error `Status`, not a value. In debug builds, this also results in a crash due to the assertion failure. **Recommendations** For versions prior to 2.8.0, update to TensorFlow 2.8.0 or later. For versions 2.7.1 and earlier, update to TensorFlow 2.7.1 or later. For versions 2.6.3 and earlier, update to TensorFlow 2.6.3 or later.