CVE-2021-29575
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2021-29575
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-29575.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2021-29575
- Aliases
- Published
- 2021-05-14T20:15:14Z
- Modified
- 2024-10-12T08:21:12.361195Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
TensorFlow is an end-to-end open source platform for machine learning. The implementation of
tf.raw_ops.ReverseSequenceallows for stack overflow and/orCHECK-fail based denial of service. The implementation(https://github.com/tensorflow/tensorflow/blob/5b3b071975e01f0d250c928b2a8f901cd53b90a7/tensorflow/core/kernels/reversesequenceop.cc#L114-L118) fails to validate thatseq_dimandbatch_dimarguments are valid. Negative values forseq_dimcan result in stack overflow orCHECK-failure, depending on the version of Eigen code used to implement the operation. Similar behavior can be exhibited by invalid values ofbatch_dim. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range. - References
Affected packages
Git / github.com/tensorflow/tensorflow
Affected ranges
- Type
- GIT
- Repo
- https://github.com/tensorflow/tensorflow
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed