PYSEC-2021-630

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/tensorflow-cpu/PYSEC-2021-630.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2021-630

Aliases

Published

2021-11-05T23:15:00Z

Modified

2023-12-06T00:46:33.337725Z

Summary

[none]

Details

TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for the Cudnn* operations in TensorFlow can be tricked into accessing invalid memory, via a heap buffer overflow. This occurs because the ranks of the input, input_h and input_c parameters are not validated, but code assumes they have certain values. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.

References

Affected packages

PyPI / tensorflow-cpu

Package

Name: tensorflow-cpu; View open source insights on deps.dev
Purl: pkg:pypi/tensorflow-cpu

Affected ranges

Type: GIT
Repo: https://github.com/tensorflow/tensorflow
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

af5fcebb37c8b5d71c237f4e59c6477015c78ce6

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.4

Introduced

2.5.0

Fixed

2.5.2

Introduced

2.6.0

Fixed

2.6.1

Introduced

2.7.0rc0

Fixed

2.7.0

Affected versions

1.*

1.15.0

2.*

2.1.0

2.1.1

2.1.2

2.1.3

2.1.4

2.2.0

2.2.1

2.2.2

2.2.3

2.3.0

2.3.1

2.3.2

2.3.3

2.3.4

2.4.0

2.4.1

2.4.2

2.4.3

2.5.0

2.5.1

2.6.0

2.7.0rc0

2.7.0rc1