Vulnerability CVE-2021-29617
Published: 2021-05-14

Description:
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via `CHECK`-fail in `tf.strings.substr` with invalid arguments. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.

Type:

CWE-755

CVSS2 => (AV:L/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.1/10
2.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial
Affected software
Google -> Tensorflow 

 References:
https://github.com/tensorflow/tensorflow/commit/890f7164b70354c57d40eda52dcdd7658677c09f
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mmq6-q8r3-48fm
https://github.com/tensorflow/issues/46974
https://github.com/tensorflow/issues/46900
Copyright 2024, cxsecurity.com

 

Back to Top