CVE-2021-41197

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.7.0 TensorFlow versions 2.6.0 through 2.6.0 TensorFlow versions 2.5.0 through 2.5.1 TensorFlow versions 2.4.0 through 2.4.3

Description TensorFlow allows tensors to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an int64 t. If an overflow occurs, MultiplyWithoutOverflow would return a negative result, resulting in a CHECK-failure in the majority of the TensorFlow codebase. Newer constructs exist which return a Status instead of crashing the binary. For example, calls to AddDim should be replaced by AddDimWithStatus.

Recommendations For versions prior to 2.7.0, update to TensorFlow 2.7.0 or later. For versions 2.6.0 through 2.6.0, update to TensorFlow 2.6.1 or later. For versions 2.5.0 through 2.5.1, update to TensorFlow 2.5.2 or later. For versions 2.4.0 through 2.4.3, update to TensorFlow 2.4.4 or later.