Lucene search
GoogleOSV:PYSEC-2021-150HistoryMay 14, 2021 - 8:15 p.m.
PYSEC-2021-150
2021-05-1420:15:00
Google
osv.dev
10
tensorflow
type confusion
vulnerability
fix
non-numeric tensors
python
c++ array
supported versions
EPSS
0.001
Percentile
17.8%
TensorFlow is an end-to-end open source platform for machine learning. Calling TF operations with tensors of non-numeric types when the operations expect numeric tensors result in null pointer dereferences. The conversion from Python array to C++ array(https://github.com/tensorflow/tensorflow/blob/ff70c47a396ef1e3cb73c90513da4f5cb71bebba/tensorflow/python/lib/core/ndarray_tensor.cc#L113-L169) is vulnerable to a type confusion. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
Related
osv
osv
BIT-tensorflow-2021-29513
2024-03-06 11:20:08
PYSEC-2021-441
2021-05-14 20:15:00
Type confusion during tensor casts lead to dereferencing null pointers
2021-05-21 14:20:46
veracode
veracode
Denial Of Service (DoS)
2021-05-17 05:10:40
cve
cve
CVE-2021-29513
2021-05-14 20:15:11
prion
prion
Type confusion
2021-05-14 20:15:00
cvelist
cvelist
github
github
Type confusion during tensor casts lead to dereferencing null pointers
2021-05-21 14:20:46
nvd
nvd
CVE-2021-29513
2021-05-14 20:15:11
ibm
ibm