Lucene search
GoogleOSV:CVE-2021-29577HistoryMay 14, 2021 - 8:15 p.m.
CVE-2021-29577
2021-05-1420:15:14
Google
osv.dev
6
tensorflow
avgpool3dgrad
heap buffer overflow
vulnerability
fix
software
machine learning
open source
platform
implementation
tensors
dimensions
commit
supported range
EPSS
0.001
Percentile
17.8%
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.raw_ops.AvgPool3DGrad is vulnerable to a heap buffer overflow. The implementation(https://github.com/tensorflow/tensorflow/blob/d80ffba9702dc19d1fac74fc4b766b3fa1ee976b/tensorflow/core/kernels/pooling_ops_3d.cc#L376-L450) assumes that the orig_input_shape and grad tensors have similar first and last dimensions but does not check that this assumption is validated. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
Related
osv
osv
PYSEC-2021-703
2021-05-14 20:15:00
Heap buffer overflow in `AvgPool3DGrad`
2021-05-21 14:26:18
BIT-tensorflow-2021-29577
2024-03-06 11:18:48
veracode
veracode
Denial Of Service (DoS)
2021-05-17 11:36:18
prion
prion
Heap overflow
2021-05-14 20:15:00
github
github
Heap buffer overflow in `AvgPool3DGrad`
2021-05-21 14:26:18
nvd
nvd
CVE-2021-29577
2021-05-14 20:15:14
cvelist
cvelist
CVE-2021-29577 Heap buffer overflow in `AvgPool3DGrad`
2021-05-14 19:15:59
cve
cve
CVE-2021-29577
2021-05-14 20:15:14
ibm
ibm