PT-2021-23189 · Google · Tensorflow

Published 2021-11-05 · Updated 2024-03-06 · CVE-2021-41216

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

TensorFlow versions prior to 2.7.0
TensorFlow versions 2.6.1 and earlier
TensorFlow versions 2.5.2 and earlier
TensorFlow versions 2.4.4 and earlier

Description

The shape inference function for Transpose in TensorFlow is vulnerable to a heap buffer overflow. This occurs whenever the perm variable contains negative elements. The shape inference function does not validate that the indices in perm are all valid.

Recommendations

For versions prior to 2.7.0, update to TensorFlow 2.7.0 or later.
For versions 2.6.1 and earlier, update to TensorFlow 2.6.1 or later.
For versions 2.5.2 and earlier, update to TensorFlow 2.5.2 or later.
For versions 2.4.4 and earlier, update to TensorFlow 2.4.4 or later.

As a temporary workaround, consider validating the indices in the perm variable to ensure they are all valid before using the Transpose function.
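
One way to implement the temporary workaround, as an added example that is not TensorFlow's own code and not part of the original advisory: a pre-check that accepts perm only when it is an exact permutation of 0..rank-1, to be run before the value reaches tf.transpose. The names validate_perm and check are hypothetical, and rejecting every negative index is a conservative assumption made here.

```python
from collections.abc import Sequence
from numbers import Integral


def validate_perm(perm, rank):
    """Return perm as a tuple of ints if it is a permutation of 0..rank-1.

    Raises ValueError otherwise. Negative indices are rejected outright
    (a conservative assumption), since negative elements are the trigger
    described in the advisory.
    """
    if isinstance(rank, bool) or not isinstance(rank, Integral) or rank < 0:
        raise ValueError(f"rank must be a non-negative integer, got {rank!r}")
    if isinstance(perm, (str, bytes)) or not isinstance(perm, Sequence):
        raise ValueError("perm must be a list or tuple of integers")
    if len(perm) != rank:
        raise ValueError(f"perm has {len(perm)} entries, expected {rank}")
    seen = set()
    for pos, idx in enumerate(perm):
        # bool is a subclass of int, so it has to be excluded explicitly.
        if isinstance(idx, bool) or not isinstance(idx, Integral):
            raise ValueError(f"perm[{pos}] is not an integer: {idx!r}")
        if not 0 <= idx < rank:
            raise ValueError(f"perm[{pos}]={idx} is outside [0, {rank})")
        if idx in seen:
            raise ValueError(f"perm[{pos}]={idx} is a duplicate")
        seen.add(int(idx))
    return tuple(int(i) for i in perm)


def check(perm, rank):
    """Demo helper: return 'ok' or the reason the input was rejected."""
    try:
        validate_perm(perm, rank)
        return "ok"
    except ValueError as exc:
        return str(exc)


if __name__ == "__main__":
    # Constructed sample inputs for a rank-3 tensor.
    for sample in ([2, 0, 1], [0, -1, 2], [0, 1, 3], [0, 0, 1], [0, 1]):
        print(sample, "->", check(sample, 3))
```

The check matters most where perm is derived from untrusted input, such as a request parameter or a value read from a model file.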

Fix

Buffer Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

BIT-TENSORFLOW-2021-41216
CVE-2021-41216
GHSA-3FF2-R28G-W7H9
OPENSUSE-SU-2024:12116-1
PYSEC-2021-408
PYSEC-2021-625
PYSEC-2021-823

Affected Products

Tensorflow