experiments/STT-tensorflow
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
cherrypick_339370490
STT-tensorflow/tensorflow/security
History
Mihai Maruseac cb0d520b49 Add advisories that I missed in previous change 
PiperOrigin-RevId: 338308560
Change-Id: I00fcba98e8ea614634ae80c7108048b656ddce12
2020-10-21 12:04:02 -07:00
..
advisory Add advisories that I missed in previous change 2020-10-21 12:04:02 -07:00
fuzzing Remove fuzzer which is too small. 2020-09-08 13:20:11 -07:00
README.md Add security advisories for #42105 and #42129. 2020-10-20 16:35:05 -07:00

README.md

TensorFlow Security Advisories

Fuzzing Status

We regularly publish security advisories about using TensorFlow.

Note: In conjunction with these security advisories, we strongly encourage TensorFlow users to read and understand TensorFlow's security model as outlined in SECURITY.md.

Advisory Number Type Versions affected Reported by Additional Information
TFSA-2020-028 Float cast overflow undefined behavior <= 2.3 (Reported on GitHub) issue report
TFSA-2020-027 Segfault in tf.quantization.quantize_and_dequantize <= 2.3 (Reported on GitHub) issue report
TFSA-2020-026 Segfault in tf.raw_ops.Switch in eager mode 2.2.0, 2.3.0 Aivul Team from Qihoo 360
TFSA-2020-025 Undefined behavior in dlpack.to_dlpack 2.2.0, 2.3.0 Aivul Team from Qihoo 360
TFSA-2020-024 Memory leak in dlpack.to_dlpack 2.2.0, 2.3.0 Aivul Team from Qihoo 360
TFSA-2020-023 Memory corruption in dlpack.to_dlpack 2.2.0, 2.3.0 Aivul Team from Qihoo 360
TFSA-2020-022 Crash due to invalid shape of grad_values in SparseFillEmptyRowsGrad >= 1.15.0, <= 2.3.0 (variant analysis, Aivul Team from Qihoo 360)
TFSA-2020-021 Heap buffer overflow in SparseFillEmptyRowsGrad >= 1.15.0, <= 2.3.0 Aivul Team from Qihoo 360
TFSA-2020-020 Heap buffer overflow in weighted sparse count ops 2.3.0 (variant analysis, Aivul Team from Qihoo 360)
TFSA-2020-019 Crash due to invalid splits in SparseCountSparseOutput 2.3.0 (variant analysis, Aivul Team from Qihoo 360)
TFSA-2020-018 Heap buffer overflow due to invalid indices in SparseCountSparseOutput 2.3.0 (variant analysis, Aivul Team from Qihoo 360)
TFSA-2020-017 Abort due to invalid splits in RaggedCountSparseOutput 2.3.0 (variant analysis, Aivul Team from Qihoo 360)
TFSA-2020-016 Segfault due to invalid splits in RaggedCountSparseOutput 2.3.0 (variant analysis, Aivul Team from Qihoo 360)
TFSA-2020-015 Heap buffer overflow due to invalid splits in RaggedCountSparseOutput 2.3.0 Aivul Team from Qihoo 360
TFSA-2020-014 Integer truncation in Shard API usage >= 1.15.0, <= 2.3.0 Aivul Team from Qihoo 360
TFSA-2020-013 Format-string vulnerability in TensorFlow's as_string >= 1.15.0, <= 2.3.0 Aivul Team from Qihoo 360
TFSA-2020-012 Segfault by calling session-only ops in eager mode >= 1.15.0, <= 2.3.0 Aivul Team from Qihoo 360
TFSA-2020-011 Data leak in tf.raw_ops.StringNGrams >= 1.15.0, <= 2.3.0 Aivul Team from Qihoo 360
TFSA-2020-010 Incomplete validation in TensorFlow's SavedModel's constant nodes causes segfaults >= 1.15.0, <= 2.3.0 Shuaike Dong, Alipay Tian Qian Security Lab issue report
TFSA-2020-009 Segfault and data corruption caused by negative indexing in TFLite >= 1.15.0, <= 2.3.0 Aivul Team from Qihoo 360
TFSA-2020-008 Data corruption due to dimension mismatch in TFLite >= 1.15.0, <= 2.3.0 Aivul Team from Qihoo 360
TFSA-2020-007 Null pointer dereference in TFLite >= 1.15.0, <= 2.3.0 Aivul Team from Qihoo 360, variant analysis
TFSA-2020-006 Segmentation fault and/or data corruption due to invalid TFLite model >= 1.15.0, <= 2.3.0 (variant analysis, Aivul Team from Qihoo 360)
TFSA-2020-005 Out of bounds access in TFLite operators >= 1.15.0, <= 2.3.0 Aivul Team from Qihoo 360
TFSA-2020-004 Out of bounds access in TFLite implementation of segment sum 2.2.0, 2.3.0 (variant analysis, Aivul Team from Qihoo 360)
TFSA-2020-003 Denial of service from TFLite implementation of segment sum 2.2.0, 2.3.0 (variant analysis, Aivul Team from Qihoo 360)
TFSA-2020-002 Out of bounds write in TFLite implementation of segment sum 2.2.0, 2.3.0 Aivul Team from Qihoo 360
TFSA-2020-001 Segmentation fault when converting a Python string to tf.float16 >= 1.12.0, <= 2.1 (found internally)
TFSA-2019-002 Heap buffer overflow in UnsortedSegmentSum <= 1.14 (found internally)
TFSA-2019-001 Null Pointer Dereference Error in Decoding GIF Files <= 1.12 Baidu Security Lab
TFSA-2018-006 Crafted Configuration File results in Invalid Memory Access <= 1.7 Blade Team of Tencent
TFSA-2018-005 Old Snappy Library Usage Resulting in Memcpy Parameter Overlap <= 1.7 Blade Team of Tencent
TFSA-2018-004 Checkpoint Meta File Out-of-Bounds Read <= 1.7 Blade Team of Tencent
TFSA-2018-003 TensorFlow Lite TOCO FlatBuffer Parsing Vulnerability <= 1.7 Blade Team of Tencent
TFSA-2018-002 GIF File Parsing Null Pointer Dereference Error <= 1.5 Blade Team of Tencent
TFSA-2018-001 BMP File Parser Out-of-bounds Read <= 1.6 Blade Team of Tencent
- Out Of Bounds Read <= 1.4 Blade Team of Tencent issue report