FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-05-02 10:37:19 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID: 326b2f3e-6fc7-4661-955d-a772760db9cf
Description: py-tflite -- buffer overflow vulnerability

Thibaut Goetghebuer-Planchon reports:

The reference kernel of the CONV_3D_TRANSPOSE TensorFlow Lite operator wrongly increments the data_ptr when adding the bias to the result.

Instead of `data_ptr += num_channels;` it should be `data_ptr += output_num_channels;` as if the number of input channels is different than the number of output channels, the wrong result will be returned and a buffer overflow will occur if num_channels > output_num_channels.

An attacker can craft a model with a specific number of input channels in a way similar to the attached example script.

It is then possible to write specific values through the bias of the layer outside the bounds of the buffer.

This attack only works if the reference kernel resolver is used in the interpreter (i.e. `experimental_op_resolver_type=tf.lite.experimental.OpResolverType.BUILTIN_REF` is used).


Discovery: 2022-11-21
Entry: 2023-04-09
Affected packages: py37-tflite, py38-tflite, py39-tflite, py310-tflite, py311-tflite
Affected versions:
  < 2.8.4
  >= 2.9.0, < 2.9.3
  >= 2.10.0, < 2.10.1
References:
  CVE-2022-41894
  https://osv.dev/vulnerability/GHSA-h6q3-vv32-2cq5

VuXML ID: d82bcd2b-5cd6-421c-8179-b3ff0231029f
Description: py-tflite -- denial of service vulnerability

Yakun Zhang of Baidu Security reports:

An attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service.


Discovery: 2021-08-25
Entry: 2023-04-09
Affected packages: py37-tflite, py38-tflite, py39-tflite, py310-tflite, py311-tflite
Affected versions:
  < 2.3.4
  >= 2.4.0, < 2.4.3
  >= 2.5.0, < 2.5.1
References:
  CVE-2021-37689
  https://osv.dev/vulnerability/GHSA-wf5p-c75w-w3wh