PT-2021-18362 · Google · TensorFlow

Yakun Zhang +1 · Published 2021-05-14 · Updated 2024-03-06 · CVE-2021-29611

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

TensorFlow versions 2.3.3 through 2.4.2

Description

Incomplete validation in SparseReshape results in a denial of service based on a CHECK-failure. The implementation has no validation that the input arguments specify a valid sparse tensor.

Recommendations

For versions 2.3.3 and 2.4.2, update to version 2.5.0 or later to resolve the issue. Until the official update is available, consider applying the patch from GitHub commit 1d04d7d93f4ed3854abf75d6b712d72c3f70d6b6 to either version as a temporary workaround.

Exploit

Fix

Improper Initialization

RCE

Weakness Enumeration

Related Identifiers

BIT-TENSORFLOW-2021-29611
CVE-2021-29611
GHSA-9RPC-5V9Q-5R7F
PYSEC-2021-248
PYSEC-2021-539
PYSEC-2021-737

Affected Products

TensorFlow