CVE-2021-41210Out-of-bounds Read in Tensorflow

CWE-125Out-of-bounds Read6 documents5 sources
Severity
7.1HIGHNVD
EPSS
0.0%
top 95.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
TensorflowGoogle TensorflowIntel Optimization FOR Tensorflow
Timeline
PublishedNov 5
Latest updateNov 10

Description

TensorFlow is an open source platform for machine learning. In affected versions the shape inference functions for `SparseCountSparseOutput` can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages3 packages

NVDgoogle/tensorflow2.5.02.5.2+2
CVEListV5tensorflow/tensorflow< 2.4.4+2
PyPIintel/optimization_for_tensorflow2.6.02.6.1+4

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

4
OSV
Heap OOB read in `tf.raw_ops.SparseCountSparseOutput`2021-11-10
GHSA
Heap OOB read in `tf.raw_ops.SparseCountSparseOutput`2021-11-10
OSV
CVE-2021-41210: TensorFlow is an open source platform for machine learning2021-11-05
CVEList
Heap OOB read in `tf.raw_ops.SparseCountSparseOutput`2021-11-05

📋Vendor Advisories

1
Debian
CVE-2021-41210: tensorflow - TensorFlow is an open source platform for machine learning. In affected versions...2021
CVE-2021-41210 — Out-of-bounds Read in Tensorflow | cvebase