PT-2021-18352 · Google · Tensorflow
Published: 2021-05-14 · Updated: 2024-03-06 · CVE-2021-29601
CVSS v3.1: 7.1 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions
TensorFlow versions prior to 2.5.0
TensorFlow versions 2.4.2, 2.3.3, 2.2.3, and 2.1.4 are also affected
Description
The TFLite implementation of concatenation is vulnerable to an integer overflow issue. An attacker can craft a model such that the dimensions of one of the concatenation inputs overflow the values of int. TFLite uses int to represent tensor dimensions, whereas TF uses int64. Hence, valid TF models can trigger an integer overflow when converted to TFLite format.
Recommendations
For TensorFlow versions prior to 2.5.0, update to version 2.5.0 or later to resolve the issue.
For TensorFlow version 2.4.2, update to a patched version that includes the fix for this issue.
For TensorFlow version 2.3.3, update to a patched version that includes the fix for this issue.
For TensorFlow version 2.2.3, update to a patched version that includes the fix for this issue.
For TensorFlow version 2.1.4, update to a patched version that includes the fix for this issue.
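The overflow class named in the description, shown as an added example that is not TensorFlow source code: a checked sum of the concatenation-axis sizes and a checked int64-to-int narrowing, next to what an unchecked sum produces. All function names are hypothetical, the sample dimensions are constructed, and a 32-bit int is assumed.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Narrow a TF-style int64 dimension to int, refusing values that do not fit. */
int narrow_dim(int64_t d, int *out) {
    if (d < 0 || d > INT_MAX) return -1;
    *out = (int)d;
    return 0;
}

/* Sum the sizes of all inputs along the concatenation axis.
 * Returns 0 and stores the sum in *out, or -1 (leaving *out untouched)
 * if a size is negative or the running sum would exceed INT_MAX. */
int concat_axis_size_checked(const int *axis_dims, size_t n, int *out) {
    int sum = 0;
    for (size_t i = 0; i < n; i++) {
        if (axis_dims[i] < 0) return -1;
        /* Test before adding: signed overflow is undefined behaviour in C. */
        if (axis_dims[i] > INT_MAX - sum) return -1;
        sum += axis_dims[i];
    }
    *out = sum;
    return 0;
}

/* What an unchecked sum yields on common two's-complement targets, modelled
 * with unsigned arithmetic so this example itself has no undefined behaviour. */
int concat_axis_size_wrapped(const int *axis_dims, size_t n) {
    uint32_t sum = 0;
    for (size_t i = 0; i < n; i++) sum += (uint32_t)axis_dims[i];
    return (int32_t)sum; /* implementation-defined conversion; wraps on gcc/clang */
}

int main(void) {
    int ok[] = {2, 3, 5};                   /* constructed: ordinary model */
    int big[] = {1073741824, 1073741824};   /* constructed: 2^30 + 2^30 = 2^31 */
    int out = 0;
    if (concat_axis_size_checked(ok, 3, &out) == 0)
        printf("ordinary inputs: axis size %d\n", out);
    printf("unchecked sum of oversized inputs: %d\n",
           concat_axis_size_wrapped(big, 2));
    if (concat_axis_size_checked(big, 2, &out) != 0)
        printf("checked sum: rejected, model should fail to load\n");
    return 0;
}
```

A negative or too-small output dimension computed this way would later be used to size and index the output buffer, which is why the model is rejected before any allocation.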
Exploit
Fix
Integer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Tensorflow