Lucene search
GoogleOSV:PYSEC-2021-577HistoryAug 12, 2021 - 9:15 p.m.
PYSEC-2021-577
2021-08-1221:15:00
Google
osv.dev
9
tensorflow
machine learning
heap overflow
EPSS
0
Percentile
12.6%
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to BoostedTreesSparseCalculateBestFeatureSplit. The implementation needs to validate that each value in stats_summary_indices is in range. We have patched the issue in GitHub commit e84c975313e8e8e38bb2ea118196369c45c51378. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
Related
nvd
nvd
CVE-2021-37664
2021-08-12 21:15:09
osv
osv
CVE-2021-37664
2021-08-12 21:15:09
Heap OOB in boosted trees
2021-08-25 14:42:20
PYSEC-2021-286
2021-08-12 21:15:00
prion
prion
Out-of-bounds
2021-08-12 21:15:00
cve
cve
CVE-2021-37664
2021-08-12 21:15:09
cvelist
cvelist
CVE-2021-37664 Heap OOB in boosted trees in TensorFlow
2021-08-12 20:25:23
github
github
Heap OOB in boosted trees
2021-08-25 14:42:20
cnvd
cnvd
Google TensorFlow buffer overflow vulnerability (CNVD-2021-64543)
2021-08-13 00:00:00
suse
suse
Security update for tensorflow2 (moderate)
2022-06-18 00:00:00
nessus
nessus
openSUSE 15 Security Update : tensorflow2 (openSUSE-SU-2022:10014-1)
2022-06-19 00:00:00
