PYSEC-2021-612
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/tensorflow-cpu/PYSEC-2021-612.yaml
- JSON Data
- https://api.osv.dev/v1/vulns/PYSEC-2021-612
- Aliases
- Published
- 2021-11-05T22:15:00Z
- Modified
- 2023-12-06T00:46:32.175058Z
- Summary
- [none]
- Details
-
TensorFlow is an open source platform for machine learning. In affected versions while calculating the size of the output within the
tf.rangekernel, there is a conditional statement of typeint64 = condition ? int64 : double. Due to C++ implicit conversion rules, both branches of the condition will be cast todoubleand the result would be truncated before the assignment. This result in overflows. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. - References
-
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xrqm-fpgr-6hhx
- https://github.com/tensorflow/tensorflow/commit/1b0e0ec27e7895b9985076eab32445026ae5ca94
- https://github.com/tensorflow/tensorflow/issues/46912
- https://github.com/tensorflow/tensorflow/issues/46889
- https://github.com/tensorflow/tensorflow/commit/6d94002a09711d297dbba90390d5482b76113899
Affected packages
PyPI / tensorflow-cpu
Package
- Name
- tensorflow-cpu
- View open source insights on deps.dev
- Purl
- pkg:pypi/tensorflow-cpu
Affected ranges
- Type
- GIT
- Repo
- https://github.com/tensorflow/tensorflow
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.4.4Introduced2.5.0Fixed2.5.2Introduced2.6.0Fixed2.6.1Introduced2.7.0rc0Fixed2.7.0