PT-2021-23185 · Google · Tensorflow

Published: 2021-11-05 · Updated: 2024-03-06 · CVE-2021-41212

CVSS v3.1: 7.1 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions

TensorFlow versions prior to 2.7.0
TensorFlow versions 2.6.1 and earlier
TensorFlow versions 2.5.2 and earlier
TensorFlow versions 2.4.4 and earlier

Description

The shape inference code for tf.ragged.cross can trigger a read outside the bounds of a heap-allocated array. This issue was reported by members of the Aivul Team from Qihoo 360.

Recommendations

For versions prior to 2.7.0, update to TensorFlow 2.7.0 or later.
For versions 2.6.1 and earlier, update to TensorFlow 2.6.1 or later.
For versions 2.5.2 and earlier, update to TensorFlow 2.5.2 or later.
For versions 2.4.4 and earlier, update to TensorFlow 2.4.4 or later.
As a temporary workaround, consider disabling the tf.ragged.cross function until a patch is available.

Exploit

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

BIT-TENSORFLOW-2021-41212
CVE-2021-41212
GHSA-FR77-RRX3-CP7G
OPENSUSE-SU-2024:12116-1
PYSEC-2021-404
PYSEC-2021-621
PYSEC-2021-819

Affected Products

Tensorflow