PYSEC-2021-229
Source: Google OSV (osv.dev)
Published: 2021-05-14 20:15:00
AI Score: 6.5 Medium (confidence: High)
EPSS: 0.002 Low (percentile: 52.4%)

TensorFlow is an end-to-end open source platform for machine learning. The fix for CVE-2020-15209 (https://vulners.com/cve/CVE-2020-15209) missed the case in which the target shape of the Reshape operator is given by the elements of a 1-D tensor. As a result, the fix for that vulnerability (https://github.com/tensorflow/tensorflow/blob/9c1dc920d8ffb4893d6c9d27d1f039607b326743/tensorflow/lite/core/subgraph.cc#L1062-L1074) still allowed passing a null-buffer-backed tensor with a 1-D shape. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
