PT-2021-21791 · Google · Tensorflow

Yakun Zhang +1 · Published 2021-08-12 · Updated 2024-03-06 · CVE-2021-37673

CVSS v4.0: 6.8 (Medium)

Vector: AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

TensorFlow versions prior to 2.6.0
TensorFlow versions 2.5.1 and earlier
TensorFlow versions 2.4.3 and earlier
TensorFlow versions 2.3.4 and earlier

Description

An attacker can trigger a denial of service via a CHECK-fail in tf.raw_ops.MapStage. The implementation does not check that the key input is a valid non-empty tensor.

Recommendations

For TensorFlow versions prior to 2.6.0, update to version 2.6.0 or later.
For TensorFlow versions 2.5.1 and earlier, update to version 2.5.1 or later.
For TensorFlow versions 2.4.3 and earlier, update to version 2.4.3 or later.
For TensorFlow versions 2.3.4 and earlier, update to version 2.3.4 or later.

As a temporary workaround, consider validating the key input to ensure it is a valid non-empty tensor before passing it to tf.raw_ops.MapStage.
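
One way to apply the temporary workaround, as an added example that is not taken from the advisory or from TensorFlow's code: the key is checked in Python, so a bad value raises a catchable exception before the op runs. Assumptions: the key is expected to be an int64 scalar, and `InvalidStageKey`, `validate_map_stage_key`, `guarded_map_stage` and the `stage_op` parameter (which would be `tf.raw_ops.MapStage` in a deployment) are hypothetical names.

```python
import numpy as np


class InvalidStageKey(ValueError):
    """Raised in Python, where the caller can catch it and keep the process alive."""


def validate_map_stage_key(key):
    """Return key as a 0-d int64 array, or raise InvalidStageKey.

    Assumption: the staging op expects an int64 scalar key.
    """
    try:
        arr = np.asarray(key)
    except Exception as exc:  # e.g. ragged nested lists
        raise InvalidStageKey(f"key is not convertible to a tensor: {exc}") from exc

    # The condition named in the advisory: the key must not be empty.
    if arr.size == 0:
        raise InvalidStageKey("key must be a non-empty tensor")
    # Stricter checks (assumed): reject wrong dtypes and non-scalar shapes
    # instead of silently casting or reshaping caller-supplied data.
    if arr.dtype != np.int64:
        raise InvalidStageKey(f"key must be int64, got {arr.dtype}")
    if arr.shape != ():
        raise InvalidStageKey(f"key must be a scalar, got shape {arr.shape}")
    return arr


def guarded_map_stage(stage_op, key, indices, values, dtypes, **kwargs):
    """Validate the key, then forward all arguments to stage_op by keyword.

    stage_op is injected (hypothetical parameter) so the guard can be tested
    without TensorFlow; in a deployment it would be tf.raw_ops.MapStage.
    """
    checked = validate_map_stage_key(key)
    return stage_op(key=checked, indices=indices, values=values,
                    dtypes=dtypes, **kwargs)
```

Keys that arrive from an untrusted caller should go through the guard on every call path that reaches the op, not only at the outermost API.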

Fix

RCE

Weakness Enumeration

Related Identifiers

BIT-TENSORFLOW-2021-37673
CVE-2021-37673
GHSA-278G-RQ84-9HMG
OPENSUSE-SU-2022:10014-1
OPENSUSE-SU-2024:12116-1
PYSEC-2021-295
PYSEC-2021-586
PYSEC-2021-784

Affected Products

Tensorflow