Lucene search
GoogleOSV:PYSEC-2021-200HistoryMay 14, 2021 - 8:15 p.m.
PYSEC-2021-200
2021-05-1420:15:00
Google
osv.dev
8
0.0004 Low
EPSS
Percentile
12.8%
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service by exploiting a CHECK-failure coming from the implementation of tf.raw_ops.RFFT. Eigen code operating on an empty matrix can trigger on an assertion and will cause program termination. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
| CPE | Name | Operator | Version |
|---|---|---|---|
| tensorflow | eq | 1.10.0 | |
| tensorflow | eq | 1.6.0 | |
| tensorflow | eq | 1.12.0 | |
| tensorflow | eq | 1.13.0rc0 | |
| tensorflow | eq | 1.7.0rc0 | |
| tensorflow | eq | 1.9.0 | |
| tensorflow | eq | 1.2.0rc0 | |
| tensorflow | eq | 2.4.2 | |
| tensorflow | eq | 2.0.1 | |
| tensorflow | eq | 1.4.0rc1 |
Related
osv
osv
PYSEC-2021-689
2021-05-14 20:15:00
CHECK-fail in `tf.raw_ops.RFFT`
2021-05-21 14:25:05
PYSEC-2021-491
2021-05-14 20:15:00
cve
cve
CVE-2021-29563
2021-05-14 20:15:13
cvelist
cvelist
CVE-2021-29563 CHECK-fail in `tf.raw_ops.RFFT`
2021-05-14 19:17:07
github
github
CHECK-fail in `tf.raw_ops.RFFT`
2021-05-21 14:25:05
prion
prion
Code injection
2021-05-14 20:15:00
nvd
nvd
CVE-2021-29563
2021-05-14 20:15:13
ibm
ibm