PYSEC-2021-191

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/tensorflow/PYSEC-2021-191.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2021-191

Aliases

Published

2021-05-14T19:15:00Z

Modified

2023-12-06T00:46:04.234148Z

Summary

[none]

Details

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a FPE runtime error in tf.raw_ops.DenseCountSparseOutput. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/efff014f3b2d8ef6141da30c806faf141297eca1/tensorflow/core/kernels/count_ops.cc#L123-L127) computes a divisor value from user data but does not check that the result is 0 before doing the division. Since data is given by the values argument, num_batch_elements is 0. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, and TensorFlow 2.3.3, as these are also affected.

References

Affected packages

PyPI / tensorflow

Package

Name: tensorflow; View open source insights on deps.dev
Purl: pkg:pypi/tensorflow

Affected ranges

Type: GIT
Repo: https://github.com/tensorflow/tensorflow
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

da5ff2daf618591f64b2b62d9d9803951b945e9f

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.4

Introduced

2.2.0

Fixed

2.2.3

Introduced

2.3.0

Fixed

2.3.3

Introduced

2.4.0

Fixed

2.4.2

Affected versions

0.*

0.12.0rc0

0.12.0rc1

0.12.0

0.12.1

1.*

1.0.0

1.0.1

1.1.0rc0

1.1.0rc1

1.1.0rc2

1.1.0

1.2.0rc0

1.2.0rc1

1.2.0rc2

1.2.0

1.2.1

1.3.0rc0

1.3.0rc1

1.3.0rc2

1.3.0

1.4.0rc0

1.4.0rc1

1.4.0

1.4.1

1.5.0rc0

1.5.0rc1

1.5.0

1.5.1

1.6.0rc0

1.6.0rc1

1.6.0

1.7.0rc0

1.7.0rc1

1.7.0

1.7.1

1.8.0rc0

1.8.0rc1

1.8.0

1.9.0rc0

1.9.0rc1

1.9.0rc2

1.9.0

1.10.0rc0

1.10.0rc1

1.10.0

1.10.1

1.11.0rc0

1.11.0rc1

1.11.0rc2

1.11.0

1.12.0rc0

1.12.0rc1

1.12.0rc2

1.12.0

1.12.2

1.12.3

1.13.0rc0

1.13.0rc1

1.13.0rc2

1.13.1

1.13.2

1.14.0rc0

1.14.0rc1

1.14.0

1.15.0rc0

1.15.0rc1

1.15.0rc2

1.15.0rc3

1.15.0

1.15.2

1.15.3

1.15.4

1.15.5

2.*

2.0.0a0

2.0.0b0

2.0.0b1

2.0.0rc0

2.0.0rc1

2.0.0rc2

2.0.0

2.0.1

2.0.2

2.0.3

2.0.4

2.1.0rc0

2.1.0rc1

2.1.0rc2

2.1.0

2.1.1

2.1.2

2.1.3

2.2.0

2.2.1

2.2.2

2.3.0

2.3.1

2.3.2

2.4.0

2.4.1