experiments/STT-tensorflow
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
rename
STT-tensorflow/tensorflow/security
History
Amit Patankar 0567523bed Add the no_oss tag to proto dependent fuzzers to avoid breakages in OSS-Fuzz. 
PiperOrigin-RevId: 358064738
Change-Id: I23339bb35c9ae8293e47507977e1834a0e892f8e
2021-02-17 17:14:51 -08:00
..
advisory Merge pull request #45951 from yqtianust:patch-1 2020-12-28 10:58:05 -08:00
fuzzing Add the no_oss tag to proto dependent fuzzers to avoid breakages in OSS-Fuzz. 2021-02-17 17:14:51 -08:00
README.md Security advisories for 2.4 releases. 2020-12-09 13:32:23 -08:00

README.md

TensorFlow Security Advisories

Fuzzing Status

We regularly publish security advisories about using TensorFlow.

Note: In conjunction with these security advisories, we strongly encourage TensorFlow users to read and understand TensorFlow's security model as outlined in SECURITY.md.

Advisory Number Type Versions affected Reported by Additional Information
TFSA-2020-034 Heap out of bounds access in MakeEdge >= 1.15.0, <= 2.3.0 (discovered internally)
TFSA-2020-033 CHECK-fail in LSTM with zero-length input >= 1.15.0, <= 2.3.0 (discovered internally)
TFSA-2020-032 Heap out of bounds read in filesystem glob matching 2.4.0-rc{0,1,2,3} Aivul Team from Qihoo 360
TFSA-2020-031 Write to immutable memory region >= 1.15.0, <= 2.3.0 Aivul Team from Qihoo 360
TFSA-2020-030 Lack of validation in data format attributes >= 1.15.0, <= 2.3.0 Aivul Team from Qihoo 360
TFSA-2020-029 Uninitialized memory access in Eigen types >= 1.15.0, <= 2.3.0 (discovered internally)
TFSA-2020-028 Float cast overflow undefined behavior <= 2.3 (Reported on GitHub) issue report
TFSA-2020-027 Segfault in tf.quantization.quantize_and_dequantize <= 2.3 (Reported on GitHub) issue report
TFSA-2020-026 Segfault in tf.raw_ops.Switch in eager mode 2.2.0, 2.3.0 Aivul Team from Qihoo 360
TFSA-2020-025 Undefined behavior in dlpack.to_dlpack 2.2.0, 2.3.0 Aivul Team from Qihoo 360
TFSA-2020-024 Memory leak in dlpack.to_dlpack 2.2.0, 2.3.0 Aivul Team from Qihoo 360
TFSA-2020-023 Memory corruption in dlpack.to_dlpack 2.2.0, 2.3.0 Aivul Team from Qihoo 360
TFSA-2020-022 Crash due to invalid shape of grad_values in SparseFillEmptyRowsGrad >= 1.15.0, <= 2.3.0 (variant analysis, Aivul Team from Qihoo 360)
TFSA-2020-021 Heap buffer overflow in SparseFillEmptyRowsGrad >= 1.15.0, <= 2.3.0 Aivul Team from Qihoo 360
TFSA-2020-020 Heap buffer overflow in weighted sparse count ops 2.3.0 (variant analysis, Aivul Team from Qihoo 360)
TFSA-2020-019 Crash due to invalid splits in SparseCountSparseOutput 2.3.0 (variant analysis, Aivul Team from Qihoo 360)
TFSA-2020-018 Heap buffer overflow due to invalid indices in SparseCountSparseOutput 2.3.0 (variant analysis, Aivul Team from Qihoo 360)
TFSA-2020-017 Abort due to invalid splits in RaggedCountSparseOutput 2.3.0 (variant analysis, Aivul Team from Qihoo 360)
TFSA-2020-016 Segfault due to invalid splits in RaggedCountSparseOutput 2.3.0 (variant analysis, Aivul Team from Qihoo 360)
TFSA-2020-015 Heap buffer overflow due to invalid splits in RaggedCountSparseOutput 2.3.0 Aivul Team from Qihoo 360
TFSA-2020-014 Integer truncation in Shard API usage >= 1.15.0, <= 2.3.0 Aivul Team from Qihoo 360
TFSA-2020-013 Format-string vulnerability in TensorFlow's as_string >= 1.15.0, <= 2.3.0 Aivul Team from Qihoo 360
TFSA-2020-012 Segfault by calling session-only ops in eager mode >= 1.15.0, <= 2.3.0 Aivul Team from Qihoo 360
TFSA-2020-011 Data leak in tf.raw_ops.StringNGrams >= 1.15.0, <= 2.3.0 Aivul Team from Qihoo 360
TFSA-2020-010 Incomplete validation in TensorFlow's SavedModel's constant nodes causes segfaults >= 1.15.0, <= 2.3.0 Shuaike Dong, Alipay Tian Qian Security Lab issue report
TFSA-2020-009 Segfault and data corruption caused by negative indexing in TFLite >= 1.15.0, <= 2.3.0 Aivul Team from Qihoo 360
TFSA-2020-008 Data corruption due to dimension mismatch in TFLite >= 1.15.0, <= 2.3.0 Aivul Team from Qihoo 360
TFSA-2020-007 Null pointer dereference in TFLite >= 1.15.0, <= 2.3.0 Aivul Team from Qihoo 360, variant analysis
TFSA-2020-006 Segmentation fault and/or data corruption due to invalid TFLite model >= 1.15.0, <= 2.3.0 (variant analysis, Aivul Team from Qihoo 360)
TFSA-2020-005 Out of bounds access in TFLite operators >= 1.15.0, <= 2.3.0 Aivul Team from Qihoo 360
TFSA-2020-004 Out of bounds access in TFLite implementation of segment sum 2.2.0, 2.3.0 (variant analysis, Aivul Team from Qihoo 360)
TFSA-2020-003 Denial of service from TFLite implementation of segment sum 2.2.0, 2.3.0 (variant analysis, Aivul Team from Qihoo 360)
TFSA-2020-002 Out of bounds write in TFLite implementation of segment sum 2.2.0, 2.3.0 Aivul Team from Qihoo 360
TFSA-2020-001 Segmentation fault when converting a Python string to tf.float16 >= 1.12.0, <= 2.1 (found internally)
TFSA-2019-002 Heap buffer overflow in UnsortedSegmentSum <= 1.14 (found internally)
TFSA-2019-001 Null Pointer Dereference Error in Decoding GIF Files <= 1.12 Baidu Security Lab
TFSA-2018-006 Crafted Configuration File results in Invalid Memory Access <= 1.7 Blade Team of Tencent
TFSA-2018-005 Old Snappy Library Usage Resulting in Memcpy Parameter Overlap <= 1.7 Blade Team of Tencent
TFSA-2018-004 Checkpoint Meta File Out-of-Bounds Read <= 1.7 Blade Team of Tencent
TFSA-2018-003 TensorFlow Lite TOCO FlatBuffer Parsing Vulnerability <= 1.7 Blade Team of Tencent
TFSA-2018-002 GIF File Parsing Null Pointer Dereference Error <= 1.5 Blade Team of Tencent
TFSA-2018-001 BMP File Parser Out-of-bounds Read <= 1.6 Blade Team of Tencent
- Out Of Bounds Read <= 1.4 Blade Team of Tencent issue report