Lucene search
China National Vulnerability DatabaseCNVD-2022-09870HistoryNov 24, 2021 - 12:00 a.m.
Google TensorFlow buffer overflow vulnerability (CNVD-2022-09870)
2021-11-2400:00:00
China National Vulnerability Database
www.cnvd.org.cn
5
0.0005 Low
EPSS
Percentile
18.0%
Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A buffer overflow vulnerability exists in Google TensorFlow, which stems from the shape inference code of “tf.ragged.cross” having undefined behavior due to a reference to “nullptr” bound in the affected version. and has undefined behavior. No details of the vulnerability are currently available.
| CPE | Name | Operator | Version |
|---|---|---|---|
| google tensorflow | lt | 2.7.0 | |
| google tensorflow | lt | 2.6.1 | |
| google tensorflow | lt | 2.5.2 | |
| google tensorflow | lt | 2.4.4 |
Related
cve
cve
CVE-2021-41214
2021-11-05 21:15:08
osv
osv
CVE-2021-41214
2021-11-05 21:15:08
PYSEC-2021-623
2021-11-05 21:15:00
Reference binding to `nullptr` in `tf.ragged.cross`
2021-11-10 18:58:16
prion
prion
Stack overflow
2021-11-05 21:15:00
github
github
Reference binding to `nullptr` in `tf.ragged.cross`
2021-11-10 18:58:16
cvelist
cvelist
CVE-2021-41214 Reference binding to `nullptr` in `tf.ragged.cross`
2021-11-05 20:50:11
nvd
nvd
CVE-2021-41214
2021-11-05 21:15:08
