Lucene search
GoogleOSV:PYSEC-2021-413HistoryNov 05, 2021 - 11:15 p.m.
PYSEC-2021-413
2021-11-0523:15:00
Google
osv.dev
13
tensorflow
machine learning
security
heap buffer overflow
EPSS
0.001
Percentile
17.8%
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for the Cudnn* operations in TensorFlow can be tricked into accessing invalid memory, via a heap buffer overflow. This occurs because the ranks of the input, input_h and input_c parameters are not validated, but code assumes they have certain values. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.
Related
osv
osv
PYSEC-2021-828
2021-11-05 23:15:00
PYSEC-2021-630
2021-11-05 23:15:00
Access to invalid memory during shape inference in `Cudnn*` ops
2021-11-10 18:50:17
nvd
nvd
CVE-2021-41221
2021-11-05 23:15:08
cvelist
cvelist
cnvd
cnvd
Google TensorFlow buffer overflow vulnerability (CNVD-2021-87033)
2021-11-09 00:00:00
github
github
Access to invalid memory during shape inference in `Cudnn*` ops
2021-11-10 18:50:17
cve
cve
CVE-2021-41221
2021-11-05 23:15:08
prion
prion
Heap overflow
2021-11-05 23:15:00
