Jeremy Meredith - Security Researcher - Exploit Intelligence Platform

CVE-2022-41895 WRITEUP MEDIUM WRITEUP

TensorFlow < 2.8.4 - Heap Out-of-Bounds Read in MirrorPadGrad

TensorFlow is an open source platform for machine learning. If `MirrorPadGrad` is given outsize input `paddings`, TensorFlow will give a heap OOB error. We have patched the issue in GitHub commit 717ca98d8c3bba348ff62281fdf38dcb5ea1ec92. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.

CVSS 4.8

View Code

CVE-2023-25663 WRITEUP HIGH WRITEUP

TensorFlow < 2.12.0 - NULL Pointer Dereference in Lookup Function

TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when `ctx->step_containter()` is a null ptr, the Lookup function will be executed with a null pointer. A fix is included in TensorFlow 2.12.0 and 2.11.1.

CVSS 7.5

View Code

CVE-2023-25676 WRITEUP HIGH WRITEUP

TensorFlow < 2.12.0 - Null Pointer Dereference in ParallelConcat

TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, `tf.raw_ops.ParallelConcat` segfaults with a nullptr dereference when given a parameter `shape` with rank that is not greater than zero. A fix is available in TensorFlow 2.12.0 and 2.11.1.

CVSS 7.5

View Code