Pattarakrit Rattankul

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.11 TensorFlow versions 2.10.1 and earlier TensorFlow versions 2.9.3 and earlier **Description** TensorFlow is an open source platform for machine learning. The `tf.keras.losses.poisson` function receives a `y pred` and `y true` that are passed through `functor::mul` in `BinaryOp`. If the resulting dimensions overflow an `int32`, TensorFlow will crash due to a size mismatch during broadcast assignment. **Recommendations** For TensorFlow versions prior to 2.11, update to version 2.11 or later. For TensorFlow versions 2.10.1 and earlier, update to version 2.10.1 or later. For TensorFlow versions 2.9.3 and earlier, update to version 2.9.3 or later. As a temporary workaround, consider avoiding the use of `tf.keras.losses.poisson` with large input dimensions until a patch is available.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.11 TensorFlow versions 2.10.1, 2.9.3, and 2.8.4 **Description** TensorFlow is an open source platform for machine learning. When running on GPU, the function `tf.image.generate bounding box proposals` receives a `scores` input that must be of rank 4 but is not checked. **Recommendations** For TensorFlow versions prior to 2.11, update to version 2.11 or later. For TensorFlow versions 2.10.1, 2.9.3, and 2.8.4, apply the patch from GitHub commit cf35502463a88ca7185a99daa7031df60b3c1c98. As a temporary workaround, consider validating the rank of the `scores` input before passing it to `tf.image.generate bounding box proposals`.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.11 TensorFlow versions 2.10.1 and earlier TensorFlow versions 2.9.3 and earlier TensorFlow versions 2.8.4 and earlier **Description** TensorFlow is an open source platform for machine learning. If a list of quantized tensors is assigned to an attribute, the pywrap code fails to parse the tensor and returns a `nullptr`, which is not caught. An example can be seen in `tf.compat.v1.extract volume patches` by passing in quantized tensors as input `ksizes`. **Recommendations** For versions prior to 2.11, update to TensorFlow 2.11 or later. For versions 2.10.1 and earlier, update to TensorFlow 2.10.1 or later. For versions 2.9.3 and earlier, update to TensorFlow 2.9.3 or later. For versions 2.8.4 and earlier, update to TensorFlow 2.8.4 or later. As a temporary workaround, consider avoiding the use of quantized tensors as input `ksizes` in `tf.compat.v1.extract volume patches` until a patch is available.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.11 TensorFlow versions 2.10.1, 2.9.3, and 2.8.4 **Description** The issue arises when `BCast::ToShape` is given input larger than an `int32`, causing it to crash despite being supposed to handle up to an `int64`. An example of this can be seen in `tf.experimental.numpy.outer` by passing large input to the input `b`. **Recommendations** For TensorFlow versions prior to 2.11, update to version 2.11 or later. For TensorFlow versions 2.10.1, 2.9.3, and 2.8.4, apply the patch from GitHub commit 8310bf8dd188ff780e7fc53245058215a05bdbe5. As a temporary workaround, consider avoiding large inputs to `BCast::ToShape` until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.11 TensorFlow versions 2.10.1, 2.9.3, and 2.8.4 **Description** TensorFlow is an open source platform for machine learning. If `tf.raw ops.TensorListResize` is given a nonscalar value for input `size`, it results in a `CHECK` fail which can be used to trigger a denial of service attack. **Recommendations** For TensorFlow versions prior to 2.11, update to version 2.11 or later. For TensorFlow version 2.10.1, update to a version that includes the patch from GitHub commit 888e34b49009a4e734c27ab0c43b0b5102682c56. For TensorFlow version 2.9.3, update to a version that includes the patch from GitHub commit 888e34b49009a4e734c27ab0c43b0b5102682c56. For TensorFlow version 2.8.4, update to a version that includes the patch from GitHub commit 888e34b49009a4e734c27ab0c43b0b5102682c56. As a temporary workaround, consider avoiding the use of `tf.raw ops.TensorListResize` with nonscalar values for input `size` until a patch is applied.