Lucene search

[email protected]NVD:CVE-2021-41218

HistoryNov 05, 2021 - 10:15 p.m.

CVE-2021-41218

2021-11-0522:15:08

CWE-369

[email protected]

web.nvd.nist.gov

tensorflow

machine learning

shape inference

division by 0

alltoall

split_count

fix

version 2.7.0

cherrypick

commit

version 2.6.1

version 2.5.2

version 2.4.4

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

12.6%

JSON

TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for AllToAll can be made to execute a division by 0. This occurs whenever the split_count argument is 0. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.

Affected configurations

Nvd

Node

googletensorflowRange2.4.0–2.4.4

googletensorflowRange2.5.0–2.5.2

googletensorflowRange2.6.0–2.6.1

googletensorflowMatch2.7.0rc0

googletensorflowMatch2.7.0rc1

VendorProductVersionCPE
googletensorflow*cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*
googletensorflow2.7.0cpe:2.3:a:google:tensorflow:2.7.0:rc0:*:*:*:*:*:*
googletensorflow2.7.0cpe:2.3:a:google:tensorflow:2.7.0:rc1:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	tensorflow	*	cpe:2.3:a:google:tensorflow::::::::
google	tensorflow	2.7.0	cpe:2.3:a:google:tensorflow:2.7.0:rc0::::::
google	tensorflow	2.7.0	cpe:2.3:a:google:tensorflow:2.7.0:rc1::::::