PT-2021-23173 · Google · Tensorflow
Mihaimaruseac
·
Published
2021-11-05
·
Updated
2024-03-06
·
CVE-2021-41201
CVSS v4.0
8.5
High
| Vector | AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
TensorFlow versions prior to 2.7.0
TensorFlow versions 2.6.1 and earlier
TensorFlow versions 2.5.2 and earlier
TensorFlow versions 2.4.4 and earlier
Description
The issue arises during execution when
EinsumHelper::ParseEquation() is supposed to set flags in the input has ellipsis vector and the *output has ellipsis boolean to indicate whether there is an ellipsis in the corresponding inputs and output. However, the code only changes these flags to true and never assigns false, resulting in uninitialized variable access if callers assume that EinsumHelper::ParseEquation() always sets these flags.Recommendations
For TensorFlow versions prior to 2.7.0, update to version 2.7.0 or later.
For TensorFlow versions 2.6.1 and earlier, update to version 2.6.1 or later.
For TensorFlow versions 2.5.2 and earlier, update to version 2.5.2 or later.
For TensorFlow versions 2.4.4 and earlier, update to version 2.4.4 or later.
Exploit
Fix
Access of Uninitialized Pointer
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tensorflow