Lucene search
GoogleOSV:PYSEC-2021-441HistoryMay 14, 2021 - 8:15 p.m.
PYSEC-2021-441
2021-05-1420:15:00
Google
osv.dev
7
tensorflow
machine learning
type confusion
vulnerability
version 2.5.0
cherrypick
supported range
EPSS
0.001
Percentile
17.8%
TensorFlow is an end-to-end open source platform for machine learning. Calling TF operations with tensors of non-numeric types when the operations expect numeric tensors result in null pointer dereferences. The conversion from Python array to C++ array(https://github.com/tensorflow/tensorflow/blob/ff70c47a396ef1e3cb73c90513da4f5cb71bebba/tensorflow/python/lib/core/ndarray_tensor.cc#L113-L169) is vulnerable to a type confusion. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
Related
osv
osv
BIT-tensorflow-2021-29513
2024-03-06 11:20:08
PYSEC-2021-150
2021-05-14 20:15:00
Type confusion during tensor casts lead to dereferencing null pointers
2021-05-21 14:20:46
veracode
veracode
Denial Of Service (DoS)
2021-05-17 05:10:40
cve
cve
CVE-2021-29513
2021-05-14 20:15:11
prion
prion
Type confusion
2021-05-14 20:15:00
cvelist
cvelist
github
github
Type confusion during tensor casts lead to dereferencing null pointers
2021-05-21 14:20:46
nvd
nvd
CVE-2021-29513
2021-05-14 20:15:11
ibm
ibm