Source
ghsa
### Impact When [`mlir::tfg::GraphDefImporter::ConvertNodeDef`](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ir/importexport/graphdef_import.cc) tries to convert NodeDefs without an op name, it crashes. ```cpp Status GraphDefImporter::ConvertNodeDef(OpBuilder &builder, ConversionState &s, const NodeDef &node) { VLOG(4) << "Importing: " << node.name(); OperationState state(ConvertLocation(node), absl::StrCat("tfg.", node.op())); // The GraphImporter does light shape inference, but here we will defer all of // that to the shape inference pass. const OpDef *op_def; const OpRegistrationData *op_reg_data = nullptr; if ((op_reg_data = registry_.LookUp(node.op()))) { op_def = &op_reg_data->op_def; } else { auto it = function_op_defs_.find(node.op()); if (it == function_op_defs_.end()) return InvalidArgument("Unable to find OpDef for ", node.op()); op_def = it->second; } ``` `node.op().empt...
### Impact When [`mlir::tfg::ConvertGenericFunctionToFunctionDef`](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ir/importexport/functiondef_import.cc) is given empty function attributes, it gives a null dereference. ```cpp // Import the function attributes with a `tf.` prefix to match the current // infrastructure expectations. for (const auto& namedAttr : func.attr()) { const std::string& name = "tf." + namedAttr.first; const AttrValue& tf_attr = namedAttr.second; TF_ASSIGN_OR_RETURN(Attribute attr, ConvertAttributeValue(tf_attr, builder, tfgDialect)); attrs.append(name, attr); } ``` If `namedAttr.first` is empty, it will crash. ### Patches We have patched the issue in GitHub commit [1cf45b831eeb0cab8655c9c7c5d06ec6f45fc41b](https://github.com/tensorflow/tensorflow/commit/1cf45b831eeb0cab8655c9c7c5d06ec6f45fc41b). The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2....
### Impact If `Requantize` is given `input_min`, `input_max`, `requested_output_min`, `requested_output_max` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. ```python import tensorflow as tf out_type = tf.quint8 input = tf.constant([1], shape=[3], dtype=tf.qint32) input_min = tf.constant([], shape=[0], dtype=tf.float32) input_max = tf.constant(-256, shape=[1], dtype=tf.float32) requested_output_min = tf.constant(-256, shape=[1], dtype=tf.float32) requested_output_max = tf.constant(-256, shape=[1], dtype=tf.float32) tf.raw_ops.Requantize(input=input, input_min=input_min, input_max=input_max, requested_output_min=requested_output_min, requested_output_max=requested_output_max, out_type=out_type) ``` ### Patches We have patched the issue in GitHub commit [785d67a78a1d533759fcd2f5e8d6ef778de849e0](https://github.com/tensorflow/tensorflow/commit/785d67a78a1d533759fcd2f5e8d6ef778de849e0). The fix will be included in TensorFlow 2....
### Impact When `RandomPoissonV2` receives large input shape and rates, it gives a `CHECK` fail that can trigger a denial of service attack. ```python import tensorflow as tf arg_0=tf.random.uniform(shape=(4,), dtype=tf.int32, maxval=65536) arg_1=tf.random.uniform(shape=(4, 4, 4, 4, 4), dtype=tf.float32, maxval=None) arg_2=0 arg_3=0 arg_4=tf.int32 arg_5=None tf.raw_ops.RandomPoissonV2(shape=arg_0, rate=arg_1, seed=arg_2, seed2=arg_3, dtype=arg_4, name=arg_5) ``` ### Patches We have patched the issue in GitHub commit [552bfced6ce4809db5f3ca305f60ff80dd40c5a3](https://github.com/tensorflow/tensorflow/commit/552bfced6ce4809db5f3ca305f60ff80dd40c5a3). The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. ### For more information Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/maste...
### Impact When `tf.quantization.fake_quant_with_min_max_vars_gradient` receives input `min` or `max` that is nonscalar, it gives a `CHECK` fail that can trigger a denial of service attack. ```python import tensorflow as tf import numpy as np arg_0=tf.constant(value=np.random.random(size=(2, 2)), shape=(2, 2), dtype=tf.float32) arg_1=tf.constant(value=np.random.random(size=(2, 2)), shape=(2, 2), dtype=tf.float32) arg_2=tf.constant(value=np.random.random(size=(2, 2)), shape=(2, 2), dtype=tf.float32) arg_3=tf.constant(value=np.random.random(size=(2, 2)), shape=(2, 2), dtype=tf.float32) arg_4=8 arg_5=False arg_6='' tf.quantization.fake_quant_with_min_max_vars_gradient(gradients=arg_0, inputs=arg_1, min=arg_2, max=arg_3, num_bits=arg_4, narrow_range=arg_5, name=arg_6) ``` ### Patches We have patched the issue in GitHub commit [f3cf67ac5705f4f04721d15e485e192bb319feed](https://github.com/tensorflow/tensorflow/commit/f3cf67ac5705f4f04721d15e485e192bb319feed). The fix will be included in T...
### Impact When `AudioSummaryV2` receives an input `sample_rate` with more than one element, it gives a `CHECK` fails that can be used to trigger a denial of service attack. ```python import tensorflow as tf arg_0='' arg_1=tf.random.uniform(shape=(1,1), dtype=tf.float32, maxval=None) arg_2=tf.random.uniform(shape=(2,1), dtype=tf.float32, maxval=None) arg_3=3 arg_4='' tf.raw_ops.AudioSummaryV2(tag=arg_0, tensor=arg_1, sample_rate=arg_2, max_outputs=arg_3, name=arg_4) ``` ### Patches We have patched the issue in GitHub commit [bf6b45244992e2ee543c258e519489659c99fb7f](https://github.com/tensorflow/tensorflow/commit/bf6b45244992e2ee543c258e519489659c99fb7f). The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. ### For more information Please consult [our security guide](https://github.com/tensorflow/tensorflow/blo...
### Impact > _What kind of vulnerability is it? Who is impacted?_ The vulnerability is a memory allocation vulnerability that can be exploited to allocate slices in memory with (arbitrary) excessive size value, which can either exhaust available memory or crash the whole program. When using `github.com/gagliardetto/binary` to parse unchecked (or wrong type of) data from untrusted sources of input (e.g. the blockchain) into slices, it's possible to allocate memory with excessive size. When `dec.Decode(&val)` method is used to parse data into a structure that is or contains slices of values, the length of the slice was previously read directly from the data itself without any checks on the size of it, and then a slice was allocated. This could lead to an overflow and an allocation of memory with excessive size value. Example: ```go package main import ( "github.com/gagliardetto/binary" // any version before v0.7.1 is vulnerable "log" ) type MyStruct struct { Field1 []byte // fi...
### Impact When `tf.random.gamma` receives large input shape and rates, it gives a `CHECK` fail that can trigger a denial of service attack. ```python import tensorflow as tf arg_0=tf.random.uniform(shape=(4,), dtype=tf.int32, maxval=65536) arg_1=tf.random.uniform(shape=(4, 4), dtype=tf.float64, maxval=None) arg_2=tf.random.uniform(shape=(4, 4, 4, 4, 4), dtype=tf.float64, maxval=None) arg_3=tf.float64 arg_4=48 arg_5='None' tf.random.gamma(shape=arg_0, alpha=arg_1, beta=arg_2, dtype=arg_3, seed=arg_4, name=arg_5) ``` ### Patches We have patched the issue in GitHub commit [552bfced6ce4809db5f3ca305f60ff80dd40c5a3](https://github.com/tensorflow/tensorflow/commit/552bfced6ce4809db5f3ca305f60ff80dd40c5a3). The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. ### For more information Please consult [our security guide](https://github.com/tens...
### Impact When [`tensorflow::full_type::SubstituteFromAttrs`](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ops/math_ops.cc) receives a `FullTypeDef& t` that is not exactly three args, it triggers a `CHECK`-fail instead of returning a status. ```cpp Status SubstituteForEach(AttrMap& attrs, FullTypeDef& t) { DCHECK_EQ(t.args_size(), 3); const auto& cont = t.args(0); const auto& tmpl = t.args(1); const auto& t_var = t.args(2); ``` ### Patches We have patched the issue in GitHub commit [6104f0d4091c260ce9352f9155f7e9b725eab012](https://github.com/tensorflow/tensorflow/commit/6104f0d4091c260ce9352f9155f7e9b725eab012). The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. ### For more information Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more infor...
### Impact Read only calls between contracts can generate smart contracts results. For example, if contract A calls in read only mode contract B and the called function will make changes upon the contract's B state, the state will be altered for contract B as if the call was not made in the read-only mode. This can lead to some effects not designed by the original smart contracts programmers. ### Patches Patch v1.3.35 or higher ### Workarounds No workaround ### References For future reference and understanding of this issue, anyone can check this integration test https://github.com/ElrondNetwork/elrond-go/blob/8e402fa6d7e91e779980122d3798b2bf50892945/integrationTests/vm/txsFee/asyncESDT_test.go#L452 that proves the fix and prevents a future code regression. ### For more information If you have any questions or comments about this advisory: * Open an issue in elrond-go ([http://github.com/ElrondNetwork/elrond-go/issues](https://github.com/ElrondNetwork/elrond-go/issues))