Vulnerability CVE-2021-29618


Published: 2021-05-14

Description:
TensorFlow is an end-to-end open source platform for machine learning. Passing a complex argument to `tf.transpose` while also passing the `conjugate=True` argument results in a crash. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.

Type:

CWE-755

CVSS2 => (AV:L/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score: 2.1/10
Impact Subscore: 2.9/10
Exploitability Subscore: 3.9/10

Exploit range: Local
Attack complexity: Low
Authentication: Not required

Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

Affected software
Google -> Tensorflow 

 References:
https://github.com/tensorflow/tensorflow/commit/1dc6a7ce6e0b3e27a7ae650bfc05b195ca793f88
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xqfj-cr6q-pc8w
https://github.com/tensorflow/issues/46973
https://github.com/tensorflow/issues/42105

Copyright 2024, cxsecurity.com

 
