Google Tensorflow Open source machine learning / AI library

TensorFlow 2.18.0 Embedding comp. random output vulnerability
CVE-2025-55556 6.5 - Medium - September 25, 2025

TensorFlow v2.18.0 was discovered to output random results when compiling Embedding, leading to unexpected behavior in the application.

Embedded Malicious Code

TensorFlow Serving Unbounded Recursion in JSON Stringification CVE-2025-0649
CVE-2025-0649 7.5 - High - May 06, 2025

Incorrect JSON input stringification in Google's Tensorflow serving versions up to 2.18.0 allows for potentially unbounded recursion leading to server crash.

Memory Corruption

Segfault in TensorFlow array_ops.upper_bound (pre-2.13)
CVE-2023-33976 7.5 - High - July 30, 2024

TensorFlow is an end-to-end open source platform for machine learning. `array_ops.upper_bound` causes a segfault when not given a rank 2 tensor. The fix will be included in TensorFlow 2.13 and will also cherrypick this commit on TensorFlow 2.12.

Integer Overflow or Wraparound

TensorFlow Java Zip Slip via FileUtil.extract() in SavedModel load
CVE-2023-5245 9.8 - Critical - November 15, 2023

FileUtil.extract() enumerates all zip file entries and extracts each file without validating whether file paths in the archive are outside the intended directory. When creating an instance of TensorflowModel using the saved_model format and an exported tensorflow model, the apply() function invokes the vulnerable implementation of FileUtil.extract(). Arbitrary file creation can directly lead to code execution

TensorFlow DOS via Convolution3DTranspose (Fix 2.11.1)
CVE-2023-25661 6.5 - Medium - March 27, 2023

TensorFlow is an Open Source Machine Learning Framework. In versions prior to 2.11.1 a malicious invalid input crashes a tensorflow model (Check Failed) and can be used to trigger a denial of service attack. A proof of concept can be constructed with the `Convolution3DTranspose` function. This Convolution3DTranspose layer is a very common API in modern neural networks. The ML models containing such vulnerable components could be deployed in ML applications or as cloud services. This failure could be potentially used to trigger a denial of service attack on ML cloud services. An attacker must have privilege to provide input to a `Convolution3DTranspose` call. This issue has been patched and users are advised to upgrade to version 2.11.1. There are no known workarounds for this vulnerability.

TensorFlow Null Ptr in Lookup before v2.12.0/2.11.1
CVE-2023-25663 7.5 - High - March 25, 2023

TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when `ctx->step_containter()` is a null ptr, the Lookup function will be executed with a null pointer. A fix is included in TensorFlow 2.12.0 and 2.11.1.

NULL Pointer Dereference

TensorFlow FP Exception in TensorListSplit via XLA (before 2.12.0/2.11.1)
CVE-2023-25673 7.5 - High - March 25, 2023

TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a Floating Point Exception in TensorListSplit with XLA. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.

Incorrect Comparison

TensorFlow NPE via LookupTableImportV2 with scalar values (fixed 2.12/2.11.1)
CVE-2023-25672 7.5 - High - March 25, 2023

TensorFlow is an open source platform for machine learning. The function `tf.raw_ops.LookupTableImportV2` cannot handle scalars in the `values` parameter and gives an NPE. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.

NULL Pointer Dereference

TensorFlow 2.12.0 NullPtr in QuantizedMatMulWithBiasAndDequantize (MKL)
CVE-2023-25670 7.5 - High - March 25, 2023

TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a null point error in QuantizedMatMulWithBiasAndDequantize with MKL enabled. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.

NULL Pointer Dereference

TensorFlow FP Exception via AvgPoolGrad pre-2.12.0/2.11.1
CVE-2023-25669 7.5 - High - March 25, 2023

TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the stride and window size are not positive for `tf.raw_ops.AvgPoolGrad`, it can give a floating point exception. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.

Incorrect Comparison

TensorFlow <2.12.0: Integer Overflow in Frame Size Calculation
CVE-2023-25667 7.5 - High - March 25, 2023

TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, integer overflow occurs when `2^31 <= num_frames * height * width * channels < 2^32`, for example Full HD screencast of at least 346 frames. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.

Integer Overflow or Wraparound

TensorFlow OOB Read in GRUBlockCellGrad; Fixed in 2.12.0/2.11.1
CVE-2023-25658 7.5 - High - March 25, 2023

TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, an out of bounds read is in GRUBlockCellGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1.

Out-of-bounds Read

TensorFlow TFLite model FPE (filter_input_channel<1) fixed in 2.12
CVE-2023-27579 7.5 - High - March 25, 2023

TensorFlow is an end-to-end open source platform for machine learning. Constructing a tflite model with a paramater `filter_input_channel` of less than 1 gives a FPE. This issue has been patched in version 2.12. TensorFlow will also cherrypick the fix commit on TensorFlow 2.11.1.

Incorrect Comparison

TensorFlow NPE in RandomShuffle (XLA) <2.12.0/2.11.1
CVE-2023-25674 7.5 - High - March 25, 2023

TensorFlow is an open source machine learning platform. Versions prior to 2.12.0 and 2.11.1 have a null pointer error in RandomShuffle with XLA enabled. A fix is included in TensorFlow 2.12.0 and 2.11.1.

NULL Pointer Dereference

OOB in TensorFlow <2.12.0 or <2.11.1 from int size mismatch
CVE-2023-25671 7.5 - High - March 25, 2023

TensorFlow is an open source platform for machine learning. There is out-of-bounds access due to mismatched integer type sizes. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.

Memory Corruption

TensorFlow 2.12: tf.raw_ops.Print summarize=0 Nullptr segfault
CVE-2023-25660 7.5 - High - March 25, 2023

TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when the parameter `summarize` of `tf.raw_ops.Print` is zero, the new method `SummarizeArray<bool>` will reference to a nullptr, leading to a seg fault. A fix is included in TensorFlow version 2.12 and version 2.11.1.

NULL Pointer Dereference

TensorFlow XLA Segfault via tf.raw_ops.Bincount Weights Param - Pre-2.12/2.11.1
CVE-2023-25675 7.5 - High - March 25, 2023

TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, `tf.raw_ops.Bincount` segfaults when given a parameter `weights` that is neither the same shape as parameter `arr` nor a length-0 tensor. A fix is included in TensorFlow 2.12.0 and 2.11.1.

Incorrect Comparison

TensorFlow segfault via tf.raw_ops.ParallelConcat pre-2.12.0 XLA
CVE-2023-25676 7.5 - High - March 25, 2023

TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, `tf.raw_ops.ParallelConcat` segfaults with a nullptr dereference when given a parameter `shape` with rank that is not greater than zero. A fix is available in TensorFlow 2.12.0 and 2.11.1.

NULL Pointer Dereference

TensorFlow nn_ops pool_ratio bug (<=2.11.1 & <2.12.0)
CVE-2023-25801 7.8 - High - March 25, 2023

TensorFlow is an open source machine learning platform. Prior to versions 2.12.0 and 2.11.1, `nn_ops.fractional_avg_pool_v2` and `nn_ops.fractional_max_pool_v2` require the first and fourth elements of their parameter `pooling_ratio` to be equal to 1.0, as pooling on batch and channel dimensions is not supported. A fix is included in TensorFlow 2.12.0 and 2.11.1.

Double-free

TensorFlow heap buffer overflow TAvgPoolGrad pre-2.12.0/2.11.1
CVE-2023-25664 9.8 - Critical - March 25, 2023

TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a heap buffer overflow in TAvgPoolGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1.

Classic Buffer Overflow

TensorFlow NPE in SparseSparseMaximum before 2.12.0, fixed 2.12.0
CVE-2023-25665 7.5 - High - March 25, 2023

TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when `SparseSparseMaximum` is given invalid sparse tensors as inputs, it can give a null pointer error. A fix is included in TensorFlow version 2.12 and version 2.11.1.

NULL Pointer Dereference

TensorFlow EditDistance Integer Overflow (<=2.12.0, 2.11.1)
CVE-2023-25662 7.5 - High - March 25, 2023

TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 are vulnerable to integer overflow in EditDistance. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.

Integer Overflow or Wraparound

TensorFlow FP Exception in AudioSpectrogram before 2.12.0/2.11.1
CVE-2023-25666 7.5 - High - March 25, 2023

TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a floating point exception in AudioSpectrogram. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.

Incorrect Comparison

TensorFlow 2.12.0/2.11.1 Heap RCE via Uncontrolled Memory Access
CVE-2023-25668 9.8 - Critical - March 25, 2023

TensorFlow is an open source platform for machine learning. Attackers using Tensorflow prior to 2.12.0 or 2.11.1 can access heap memory which is not in the control of user, leading to a crash or remote code execution. The fix will be included in TensorFlow version 2.12.0 and will also cherrypick this commit on TensorFlow version 2.11.1.

Out-of-bounds Read

TensorFlow OOB Read: indices mismatch pre-2.12.0/2.11.1
CVE-2023-25659 7.5 - High - March 25, 2023

TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the parameter `indices` for `DynamicStitch` does not match the shape of the parameter `data`, it can trigger an stack OOB read. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.

Out-of-bounds Read

TensorFlow OOB Read in MakeGrapplerFunctionItem before 2.11.0
CVE-2022-41902 9.1 - Critical - December 06, 2022

TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We have patched the issue in GitHub commit a65411a1d69edfb16b25907ffb8f73556ce36bb7. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.8.4, 2.9.3, and 2.10.1.

Out-of-bounds Read

TensorFlow <2.11.0: OOB Read Crash via MakeGrapplerFunctionItem Sizes
CVE-2022-41910 9.1 - Critical - December 06, 2022

TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We have patched the issue in GitHub commit a65411a1d69edfb16b25907ffb8f73556ce36bb7. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.8.4, 2.9.3, and 2.10.1.

Out-of-bounds Read

TensorFlow Unchecked Rank in tf.image.generate_bounding_box_proposals CVE-2022-41888
CVE-2022-41888 7.5 - High - November 18, 2022

TensorFlow is an open source platform for machine learning. When running on GPU, `tf.image.generate_bounding_box_proposals` receives a `scores` input that must be of rank 4 but is not checked. We have patched the issue in GitHub commit cf35502463a88ca7185a99daa7031df60b3c1c98. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.

Improper Input Validation

TensorFlow 2.10/2.11 Crash via tf.keras.losses.poisson int32 overflow
CVE-2022-41887 7.5 - High - November 18, 2022

TensorFlow is an open source platform for machine learning. `tf.keras.losses.poisson` receives a `y_pred` and `y_true` that are passed through `functor::mul` in `BinaryOp`. If the resulting dimensions overflow an `int32`, TensorFlow will crash due to a size mismatch during broadcast assignment. We have patched the issue in GitHub commit c5b30379ba87cbe774b08ac50c1f6d36df4ebb7c. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1 and 2.9.3, as these are also affected and still in supported range. However, we will not cherrypick this commit into TensorFlow 2.8.x, as it depends on Eigen behavior that changed between 2.8 and 2.9.

Incorrect Calculation of Buffer Size

TensorFlow 2.8/2.9/2.10/2.11 ImageProjectiveTransformV2 Large-Shape Overflow
CVE-2022-41886 7.5 - High - November 18, 2022

TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ImageProjectiveTransformV2` is given a large output shape, it overflows. We have patched the issue in GitHub commit 8faa6ea692985dbe6ce10e1a3168e0bd60a723ba. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.

Incorrect Calculation of Buffer Size

TensorFlow 2.10 NP Array Shape Error CVE202241884
CVE-2022-41884 7.5 - High - November 18, 2022

TensorFlow is an open source platform for machine learning. If a numpy array is created with a shape such that one element is zero and the others sum to a large number, an error will be raised. We have patched the issue in GitHub commit 2b56169c16e375c521a3bc8ea658811cc0793784. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.

Always-Incorrect Control Flow Implementation

TensorFlow 2.8-2.10 Heap OOB Read in BaseCandidateSamplerOp
CVE-2022-41880 9.1 - Critical - November 18, 2022

TensorFlow is an open source platform for machine learning. When the `BaseCandidateSamplerOp` function receives a value in `true_classes` larger than `range_max`, a heap oob read occurs. We have patched the issue in GitHub commit b389f5c944cadfdfe599b3f1e4026e036f30d2d4. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.

Out-of-bounds Read

TensorFlow UTF-8 Token Check Failure in tf.raw_ops.PyFunc
CVE-2022-41908 7.5 - High - November 18, 2022

TensorFlow is an open source platform for machine learning. An input `token` that is not a UTF-8 bytestring will trigger a `CHECK` fail in `tf.raw_ops.PyFunc`. We have patched the issue in GitHub commit 9f03a9d3bafe902c1e6beb105b2f24172f238645. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.

Improper Input Validation

TensorFlow <2.11 ResizeNearestNeighborGrad OOB overflow
CVE-2022-41907 7.5 - High - November 18, 2022

TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ResizeNearestNeighborGrad` is given a large `size` input, it overflows. We have patched the issue in GitHub commit 00c821af032ba9e5f5fa3fe14690c8d28a657624. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.

Incorrect Calculation of Buffer Size

TensorFlow <2.11 SparseMatrixNNZ CHECK Fail
CVE-2022-41901 7.5 - High - November 18, 2022

TensorFlow is an open source platform for machine learning. An input `sparse_matrix` that is not a matrix with a shape with rank 0 will trigger a `CHECK` fail in `tf.raw_ops.SparseMatrixNNZ`. We have patched the issue in GitHub commit f856d02e5322821aad155dad9b3acab1e9f5d693. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.

assertion failure

TensorFlow 2.10/2.11 FractionalPool Illegal pooling_ratio Heap Overflow
CVE-2022-41900 9.8 - Critical - November 18, 2022

TensorFlow is an open source platform for machine learning. The security vulnerability results in FractionalMax(AVG)Pool with illegal pooling_ratio. Attackers using Tensorflow can exploit the vulnerability. They can access heap memory which is not in the control of user, leading to a crash or remote code execution. We have patched the issue in GitHub commit 216525144ee7c910296f5b05d214ca1327c9ce48. The fix will be included in TensorFlow 2.11.0. We will also cherry pick this commit on TensorFlow 2.10.1.

Out-of-bounds Read

TensorFlow 2.11: SdcaOptimizer Rank Check Failure (CVE-2022-41899)
CVE-2022-41899 7.5 - High - November 18, 2022

TensorFlow is an open source platform for machine learning. Inputs `dense_features` or `example_state_data` not of rank 2 will trigger a `CHECK` fail in `SdcaOptimizer`. We have patched the issue in GitHub commit 80ff197d03db2a70c6a111f97dcdacad1b0babfa. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.

assertion failure

TensorFlow <=2.11.0 char->bool UB Crash on tensor printing
CVE-2022-41911 7.5 - High - November 18, 2022

TensorFlow is an open source platform for machine learning. When printing a tensor, we get it's data as a `const char*` array (since that's the underlying storage) and then we typecast it to the element type. However, conversions from `char` to `bool` are undefined if the `char` is not `0` or `1`, so sanitizers/fuzzers will crash. The issue has been patched in GitHub commit `1be74370327`. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.10.1, TensorFlow 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.

Incorrect Type Conversion or Cast

TensorFlow 2.811 Segfault via invalid CompositeTensorVariant
CVE-2022-41909 7.5 - High - November 18, 2022

TensorFlow is an open source platform for machine learning. An input `encoded` that is not a valid `CompositeTensorVariant` tensor will trigger a segfault in `tf.raw_ops.CompositeTensorVariantToComponents`. We have patched the issue in GitHub commits bf594d08d377dc6a3354d9fdb494b32d45f91971 and 660ce5a89eb6766834bdc303d2ab3902aef99d3d. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.

NULL Pointer Dereference

TensorFlow 2.11 Integer Overflow in FusedResizeAndPadConv2D
CVE-2022-41885 7.5 - High - November 18, 2022

TensorFlow is an open source platform for machine learning. When `tf.raw_ops.FusedResizeAndPadConv2D` is given a large tensor shape, it overflows. We have patched the issue in GitHub commit d66e1d568275e6a2947de97dca7a102a211e01ce. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.

Incorrect Calculation of Buffer Size

TensorFlow Quantized Tensor Assignment Causes Uncaught nullptr (v2.11+)
CVE-2022-41889 7.5 - High - November 18, 2022

TensorFlow is an open source platform for machine learning. If a list of quantized tensors is assigned to an attribute, the pywrap code fails to parse the tensor and returns a `nullptr`, which is not caught. An example can be seen in `tf.compat.v1.extract_volume_patches` by passing in quantized tensors as input `ksizes`. We have patched the issue in GitHub commit e9e95553e5411834d215e6770c81a83a3d0866ce. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.

NULL Pointer Dereference

TensorFlow: Crash in BCast::ToShape for input > int32 (before 2.11)
CVE-2022-41890 7.5 - High - November 18, 2022

TensorFlow is an open source platform for machine learning. If `BCast::ToShape` is given input larger than an `int32`, it will crash, despite being supposed to handle up to an `int64`. An example can be seen in `tf.experimental.numpy.outer` by passing in large input to the input `b`. We have patched the issue in GitHub commit 8310bf8dd188ff780e7fc53245058215a05bdbe5. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.

Incorrect Type Conversion or Cast

Segfault via tf.raw_ops.TensorListConcat element_shape=[] in TensorFlow <2.11
CVE-2022-41891 7.5 - High - November 18, 2022

TensorFlow is an open source platform for machine learning. If `tf.raw_ops.TensorListConcat` is given `element_shape=[]`, it results segmentation fault which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit fc33f3dc4c14051a83eec6535b608abe1d355fde. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.

TensorFlow CONV_3D_TRANSPOSE Buffer Overflow (pre-2.11)
CVE-2022-41894 8.1 - High - November 18, 2022

TensorFlow is an open source platform for machine learning. The reference kernel of the `CONV_3D_TRANSPOSE` TensorFlow Lite operator wrongly increments the data_ptr when adding the bias to the result. Instead of `data_ptr += num_channels;` it should be `data_ptr += output_num_channels;` as if the number of input channels is different than the number of output channels, the wrong result will be returned and a buffer overflow will occur if num_channels > output_num_channels. An attacker can craft a model with a specific number of input channels. It is then possible to write specific values through the bias of the layer outside the bounds of the buffer. This attack only works if the reference kernel resolver is used in the interpreter. We have patched the issue in GitHub commit 72c0bdcb25305b0b36842d746cc61d72658d2941. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.

Classic Buffer Overflow

TensorFlow Heap OOB via MirrorPadGrad on TF < 2.11
CVE-2022-41895 7.5 - High - November 18, 2022

TensorFlow is an open source platform for machine learning. If `MirrorPadGrad` is given outsize input `paddings`, TensorFlow will give a heap OOB error. We have patched the issue in GitHub commit 717ca98d8c3bba348ff62281fdf38dcb5ea1ec92. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.

Out-of-bounds Read

TensorFlow 2.82.11 Crash via SparseFillEmptyRowsGrad
CVE-2022-41898 7.5 - High - November 18, 2022

TensorFlow is an open source platform for machine learning. If `SparseFillEmptyRowsGrad` is given empty inputs, TensorFlow will crash. We have patched the issue in GitHub commit af4a6a3c8b95022c351edae94560acc61253a1b8. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.

DoS via Invalid Size in tf.raw_ops.TensorListResize (TensorFlow <=2.11)
CVE-2022-41893 7.5 - High - November 18, 2022

TensorFlow is an open source platform for machine learning. If `tf.raw_ops.TensorListResize` is given a nonscalar value for input `size`, it results `CHECK` fail which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 888e34b49009a4e734c27ab0c43b0b5102682c56. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.

assertion failure

TensorFlow Crash by ThreadUnsafeUnigramCandidateSampler (<=2.11)
CVE-2022-41896 7.5 - High - November 18, 2022

TensorFlow is an open source platform for machine learning. If `ThreadUnsafeUnigramCandidateSampler` is given input `filterbank_channel_count` greater than the allowed max size, TensorFlow will crash. We have patched the issue in GitHub commit 39ec7eaf1428e90c37787e5b3fbd68ebd3c48860. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.

Improper Validation of Specified Quantity in Input

TensorFlow <2.11 Crash via FractionMaxPoolGrad OOB Inputs
CVE-2022-41897 7.5 - High - November 18, 2022

TensorFlow is an open source platform for machine learning. If `FractionMaxPoolGrad` is given outsize inputs `row_pooling_sequence` and `col_pooling_sequence`, TensorFlow will crash. We have patched the issue in GitHub commit d71090c3e5ca325bdf4b02eb236cfb3ee823e927. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.

Out-of-bounds Read

TensorFlow ops input size mismatch crash fixed in 2.11 / 2.10/2.9/2.8
CVE-2022-41883 7.5 - High - November 18, 2022

TensorFlow is an open source platform for machine learning. When ops that have specified input sizes receive a differing number of inputs, the executor will crash. We have patched the issue in GitHub commit f5381e0e10b5a61344109c1b7c174c68110f7629. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.

Out-of-bounds Read