Lucene search
GoogleOSV:PYSEC-2021-585HistoryAug 12, 2021 - 11:15 p.m.
PYSEC-2021-585
2021-08-1223:15:00
Google
osv.dev
9
tensorflow
sdcaoptimizerv2
heap data
vulnerability
patch
github commit
tensorflow 2.6.0
cherrypick
tensorflow 2.5.1
tensorflow 2.4.3
tensorflow 2.3.4
EPSS
0
Percentile
12.6%
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to tf.raw_ops.SdcaOptimizerV2. The implementation does not check that the length of example_labels is the same as the number of examples. We have patched the issue in GitHub commit a4e138660270e7599793fa438cd7b2fc2ce215a6. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
Related
prion
prion
Out-of-bounds
2021-08-12 23:15:00
cvelist
cvelist
CVE-2021-37672 Heap OOB in `SdcaOptimizerV2` in TensorFlow
2021-08-12 22:20:11
veracode
veracode
Information Disclosure
2021-08-16 02:43:42
cnvd
cnvd
osv
osv
PYSEC-2021-783
2021-08-12 23:15:00
CVE-2021-37672
2021-08-12 23:15:07
Heap OOB in `SdcaOptimizerV2`
2021-08-25 14:41:39
github
github
Heap OOB in `SdcaOptimizerV2`
2021-08-25 14:41:39
cve
cve
CVE-2021-37672
2021-08-12 23:15:07
nvd
nvd
CVE-2021-37672
2021-08-12 23:15:07
suse
suse
Security update for tensorflow2 (moderate)
2022-06-18 00:00:00
nessus
nessus
openSUSE 15 Security Update : tensorflow2 (openSUSE-SU-2022:10014-1)
2022-06-19 00:00:00
