PT-2021-18367 · Google · Tensorflow
Mihaimaruseac · Published 2021-05-14 · Updated 2024-03-06
CVE-2021-29616
CVSS v3.1: 7.8 High
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
TensorFlow versions prior to 2.5.0
TensorFlow version 2.4.2
TensorFlow version 2.3.3
TensorFlow version 2.2.3
TensorFlow version 2.1.4
Description
The implementation of TrySimplify has undefined behavior due to dereferencing a null pointer in corner cases that result in optimizing a node with no inputs.
Recommendations
For TensorFlow versions prior to 2.5.0, update to version 2.5.0 or later.
For TensorFlow version 2.4.2, apply the patch from GitHub commit e6340f0665d53716ef3197ada88936c2a5f7a2d3 or update to a later version.
For TensorFlow version 2.3.3, apply the patch from GitHub commit e6340f0665d53716ef3197ada88936c2a5f7a2d3 or update to a later version.
For TensorFlow version 2.2.3, apply the patch from GitHub commit e6340f0665d53716ef3197ada88936c2a5f7a2d3 or update to a later version.
For TensorFlow version 2.1.4, apply the patch from GitHub commit e6340f0665d53716ef3197ada88936c2a5f7a2d3 or update to a later version.
Exploit
Fix
NULL Pointer Dereference
Weakness Enumeration
Related Identifiers
Affected Products
Tensorflow