漏洞标题
因向无符号整数转换而产生的整型溢出在TensorFlow中
漏洞描述信息
在TensorFlow中因转换为无符号整数而导致的整数溢出
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
漏洞类别
N/A
漏洞标题
Integer overflow due to conversion to unsigned in TensorFlow
漏洞描述信息
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.QuantizeAndDequantizeV4Grad` is vulnerable to an integer overflow issue caused by converting a signed integer value to an unsigned one and then allocating memory based on this value. The [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/quantize_and_dequantize_op.cc#L126) uses the `axis` value as the size argument to `absl::InlinedVector` constructor. But, the constructor uses an unsigned type for the argument, so the implicit conversion transforms the negative value to a large integer. We have patched the issue in GitHub commit 96f364a1ca3009f98980021c4b32be5fdcca33a1. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, and TensorFlow 2.4.3, as these are also affected and still in supported range.
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
漏洞类别
数值类型间的不正确转换
漏洞标题
Google TensorFlow 数字错误漏洞
漏洞描述信息
Google TensorFlow是美国谷歌(Google)公司的一套用于机器学习的端到端开源平台。 Google TensorFlow存在数字错误漏洞,该漏洞源于在受影响的版本中,“tf.raw_ops.QuantizeAndDequantizeV4Grad”的实现容易受到整数溢出问题的攻击,这是由于将有符号整数值转换为无符号整数值,然后根据该值分配内存而导致的。
CVSS信息
N/A
漏洞类别
数字错误