PT-2021-18370 · Google · Tensorflow
Mihaimaruseac
·
Published
2021-05-14
·
Updated
2024-03-06
·
CVE-2021-29619
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
TensorFlow versions 2.1.4 through 2.4.2
TensorFlow versions prior to 2.5.0
Description
Passing invalid arguments, such as those discovered via fuzzing, to
tf.raw ops.SparseCountSparseOutput results in a segfault.Recommendations
For versions 2.1.4, 2.2.3, 2.3.3, and 2.4.2, update to the respective version with the cherrypicked commit.
For versions prior to 2.5.0, update to version 2.5.0 to resolve the issue.
As a temporary workaround, consider avoiding the use of
tf.raw ops.SparseCountSparseOutput with invalid arguments until a patch is applied.Exploit
Fix
Improper Handling of Exceptional Conditions
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tensorflow