Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:BIT-TENSORFLOW-2021-37635
HistoryMar 06, 2024 - 11:17 a.m.

BIT-tensorflow-2021-37635

2024-03-0611:17:53
Google
osv.dev
10
tensorflow
machine learning
platform
heap allocation
vulnerability
patch
github
commit
fix

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:N/A:P

CVSS3

7.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H

AI Score

7

Confidence

High

EPSS

0

Percentile

12.6%

JSON

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of sparse reduction operations in TensorFlow can trigger accesses outside of bounds of heap allocated data. The implementation fails to validate that each reduction group does not overflow and that each corresponding index does not point to outside the bounds of the input tensor. We have patched the issue in GitHub commit 87158f43f05f2720a374f3e6d22a7aaa3a33f750. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.

Related

osv 5
cve 1
nvd 1
github 1
cnvd 1
prion 1
cvelist 1
ibm 2
suse 1
nessus 1
osv
osv
Heap out of bounds access in sparse reduction operations
2021-08-25 14:44:17
PYSEC-2021-746
2021-08-12 21:15:00
PYSEC-2021-548
2021-08-12 21:15:00
cve
cve
CVE-2021-37635
2021-08-12 21:15:07
nvd
nvd
CVE-2021-37635
2021-08-12 21:15:07
github
github
Heap out of bounds access in sparse reduction operations
2021-08-25 14:44:17
cnvd
cnvd
Google TensorFlow TensorFlow sparse reduction information disclosure vulnerability
2021-08-13 00:00:00
prion
prion
Out-of-bounds
2021-08-12 21:15:00
cvelist
cvelist
CVE-2021-37635 Heap out of bounds access in sparse reduction operations in TensorFlow
2021-08-12 20:30:11
ibm
ibm
Security Bulletin: TensorFlow is vulnerable to security CVEs used in IBM Maximo Application Suite - Monitor Component
2023-05-08 21:31:46
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in TensorFlow
2021-12-17 04:21:06
suse
suse
Security update for tensorflow2 (moderate)
2022-06-18 00:00:00
nessus
nessus
openSUSE 15 Security Update : tensorflow2 (openSUSE-SU-2022:10014-1)
2022-06-19 00:00:00

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:N/A:P

CVSS3

7.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H

AI Score

7

Confidence

High

EPSS

0

Percentile

12.6%

JSON
Related for OSV:BIT-TENSORFLOW-2021-37635
osv5cve1nvd1github1cnvd1prion1cvelist1ibm2suse1nessus1