Lucene search
GoogleOSV:PYSEC-2021-630HistoryNov 05, 2021 - 11:15 p.m.
PYSEC-2021-630
2021-11-0523:15:00
Google
osv.dev
15
tensorflow
machine learning
heap buffer overflow
EPSS
0.001
Percentile
17.8%
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for the Cudnn* operations in TensorFlow can be tricked into accessing invalid memory, via a heap buffer overflow. This occurs because the ranks of the input, input_h and input_c parameters are not validated, but code assumes they have certain values. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.
Related
osv
osv
PYSEC-2021-828
2021-11-05 23:15:00
PYSEC-2021-413
2021-11-05 23:15:00
Access to invalid memory during shape inference in `Cudnn*` ops
2021-11-10 18:50:17
nvd
nvd
CVE-2021-41221
2021-11-05 23:15:08
cvelist
cvelist
cnvd
cnvd
Google TensorFlow buffer overflow vulnerability (CNVD-2021-87033)
2021-11-09 00:00:00
github
github
Access to invalid memory during shape inference in `Cudnn*` ops
2021-11-10 18:50:17
cve
cve
CVE-2021-41221
2021-11-05 23:15:08
prion
prion
Heap overflow
2021-11-05 23:15:00
