Lucene search
GoogleOSV:PYSEC-2021-286HistoryAug 12, 2021 - 9:15 p.m.
PYSEC-2021-286
2021-08-1221:15:00
Google
osv.dev
12
tensorflow
machine learning
security patch
heap allocation
github commit
tensorflow 2.6.0
EPSS
0
Percentile
12.6%
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to BoostedTreesSparseCalculateBestFeatureSplit. The implementation needs to validate that each value in stats_summary_indices is in range. We have patched the issue in GitHub commit e84c975313e8e8e38bb2ea118196369c45c51378. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
Related
osv
osv
CVE-2021-37664
2021-08-12 21:15:09
Heap OOB in boosted trees
2021-08-25 14:42:20
PYSEC-2021-577
2021-08-12 21:15:00
nvd
nvd
CVE-2021-37664
2021-08-12 21:15:09
prion
prion
Out-of-bounds
2021-08-12 21:15:00
cve
cve
CVE-2021-37664
2021-08-12 21:15:09
cvelist
cvelist
CVE-2021-37664 Heap OOB in boosted trees in TensorFlow
2021-08-12 20:25:23
github
github
Heap OOB in boosted trees
2021-08-25 14:42:20
cnvd
cnvd
Google TensorFlow buffer overflow vulnerability (CNVD-2021-64543)
2021-08-13 00:00:00
suse
suse
Security update for tensorflow2 (moderate)
2022-06-18 00:00:00
nessus
nessus
openSUSE 15 Security Update : tensorflow2 (openSUSE-SU-2022:10014-1)
2022-06-19 00:00:00
