Lucene search
GoogleOSV:CVE-2021-29592HistoryMay 14, 2021 - 8:15 p.m.
CVE-2021-29592
2021-05-1420:15:15
Google
osv.dev
3
tensorflow
fix
null-buffer-backed
vulnerability
EPSS
0.002
Percentile
52.3%
TensorFlow is an end-to-end open source platform for machine learning. The fix for CVE-2020-15209(https://vulners.com/cve/CVE-2020-15209) missed the case when the target shape of Reshape operator is given by the elements of a 1-D tensor. As such, the fix for the vulnerability(https://github.com/tensorflow/tensorflow/blob/9c1dc920d8ffb4893d6c9d27d1f039607b326743/tensorflow/lite/core/subgraph.cc#L1062-L1074) allowed passing a null-buffer-backed tensor with a 1D shape. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
Related
prion
prion
Null pointer dereference
2021-05-14 20:15:00
Null pointer dereference
2020-09-25 19:15:00
github
github
Null pointer dereference in TFLite's `Reshape` operator
2021-05-21 14:26:58
Null pointer dereference in tensorflow-lite
2020-09-25 18:28:46
osv
osv
PYSEC-2021-520
2021-05-14 20:15:00
BIT-tensorflow-2021-29592
2024-03-06 11:18:29
Null pointer dereference in TFLite's `Reshape` operator
2021-05-21 14:26:58
cve
cve
CVE-2021-29592
2021-05-14 20:15:15
CVE-2020-15209
2020-09-25 19:15:16
cvelist
cvelist
CVE-2021-29592 Null pointer dereference in TFLite's `Reshape` operator
2021-05-14 19:22:22
CVE-2020-15209 Null pointer dereference in tensorflow-lite
2020-09-25 18:45:35
nvd
nvd
CVE-2021-29592
2021-05-14 20:15:15
CVE-2020-15209
2020-09-25 19:15:16
veracode
veracode
Denial Of Service (DoS)
2021-05-17 07:04:16
Denial Of Service (DoS)
2020-09-28 08:01:22
suse
suse
Security update for tensorflow2 (moderate)
2020-10-29 00:00:00
nessus
nessus
openSUSE Security Update : tensorflow2 (openSUSE-2020-1766)
2020-10-30 00:00:00
openvas
openvas
openSUSE: Security Advisory for tensorflow2 (openSUSE-SU-2020:1766-1)
2020-10-30 00:00:00
