PT-2021-21794 · Google · Tensorflow

Yakun Zhang · Published 2021-08-12 · Updated 2024-03-06 · CVE-2021-37676

CVSS v4.0: 8.5 High

Vector: AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

TensorFlow versions prior to 2.6.0
TensorFlow versions 2.5.1 and earlier
TensorFlow versions 2.4.3 and earlier
TensorFlow versions 2.3.4 and earlier

Description

An attacker can cause undefined behavior by binding a reference to a null pointer in tf.raw_ops.SparseFillEmptyRows. The shape inference implementation does not validate that the input arguments are not empty tensors.

Recommendations

For versions prior to 2.6.0, update to TensorFlow 2.6.0 or later. For versions 2.5.1 and earlier, update to TensorFlow 2.5.1 or later. For versions 2.4.3 and earlier, update to TensorFlow 2.4.3 or later. For versions 2.3.4 and earlier, update to TensorFlow 2.3.4 or later. As a temporary workaround, consider avoiding the use of tf.raw_ops.SparseFillEmptyRows until a patch is available.

Fix

Weakness Enumeration

Access of Uninitialized Pointer

Related Identifiers

BIT-TENSORFLOW-2021-37676
CVE-2021-37676
GHSA-V768-W7M9-2VMM
OPENSUSE-SU-2022:10014-1
OPENSUSE-SU-2024:12116-1
PYSEC-2021-298
PYSEC-2021-589
PYSEC-2021-787

Affected Products

Tensorflow