Lucene search
GoogleOSV:PYSEC-2021-215HistoryMay 14, 2021 - 8:15 p.m.
PYSEC-2021-215
2021-05-1420:15:00
Google
osv.dev
7
0.0005 Low
EPSS
Percentile
17.8%
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.raw_ops.FractionalAvgPoolGrad is vulnerable to a heap buffer overflow. The implementation(https://github.com/tensorflow/tensorflow/blob/dcba796a28364d6d7f003f6fe733d82726dda713/tensorflow/core/kernels/fractional_avg_pool_op.cc#L216) fails to validate that the pooling sequence arguments have enough elements as required by the out_backprop tensor shape. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
| CPE | Name | Operator | Version |
|---|---|---|---|
| tensorflow | eq | 1.10.0 | |
| tensorflow | eq | 1.6.0 | |
| tensorflow | eq | 1.12.0 | |
| tensorflow | eq | 1.13.0rc0 | |
| tensorflow | eq | 1.7.0rc0 | |
| tensorflow | eq | 1.9.0 | |
| tensorflow | eq | 1.2.0rc0 | |
| tensorflow | eq | 2.0.1 | |
| tensorflow | eq | 1.4.0rc1 | |
| tensorflow | eq | 2.2.0 |
Related
github
github
Heap buffer overflow in `FractionalAvgPoolGrad`
2021-05-21 14:26:21
cve
cve
CVE-2021-29578
2021-05-14 20:15:14
osv
osv
PYSEC-2021-704
2021-05-14 20:15:00
Heap buffer overflow in `FractionalAvgPoolGrad`
2021-05-21 14:26:21
BIT-tensorflow-2021-29578
2024-03-06 11:18:47
cvelist
cvelist
CVE-2021-29578 Heap buffer overflow in `FractionalAvgPoolGrad`
2021-05-14 19:15:54
prion
prion
Heap overflow
2021-05-14 20:15:00
nvd
nvd
CVE-2021-29578
2021-05-14 20:15:14
ibm
ibm