Lucene search
China National Vulnerability DatabaseCNVD-2022-09856HistoryAug 30, 2021 - 12:00 a.m.
Google TensorFlow code issue vulnerability (CNVD-2022-09856)
2021-08-3000:00:00
China National Vulnerability Database
www.cnvd.org.cn
9
0.0004 Low
EPSS
Percentile
12.8%
Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A code issue vulnerability exists in Google TensorFlow, which stems from the fact that when a tensor is recovered via the raw API, TensorFlow could be tricked into referencing a null pointer if a tensor name is not provided. An attacker could exploit the vulnerability by providing some tensor names to read memory outside the boundaries of the heap allocation data.
| CPE | Name | Operator | Version |
|---|---|---|---|
| google tensorflow | lt | 2.6.0 | |
| google tensorflow | lt | 2.5.1 | |
| google tensorflow | lt | 2.4.3 | |
| google tensorflow | lt | 2.3.4 |
Related
osv
osv
PYSEC-2021-552
2021-08-12 19:15:00
Null pointer dereference and heap OOB read in operations restoring tensors
2021-08-25 14:44:05
PYSEC-2021-261
2021-08-12 19:15:00
cvelist
cvelist
CVE-2021-37639 Null pointer dereference and heap OOB read in TensorFlow
2021-08-12 18:10:15
prion
prion
Out-of-bounds
2021-08-12 19:15:00
nvd
nvd
CVE-2021-37639
2021-08-12 19:15:08
github
github
Null pointer dereference and heap OOB read in operations restoring tensors
2021-08-25 14:44:05
cve
cve
CVE-2021-37639
2021-08-12 19:15:08
ibm
ibm
nessus
nessus
openSUSE 15 Security Update : tensorflow2 (openSUSE-SU-2022:10014-1)
2022-06-19 00:00:00
suse
suse
Security update for tensorflow2 (moderate)
2022-06-18 00:00:00