Lucene search
PRIOn knowledge basePRION:CVE-2021-29515HistoryMay 14, 2021 - 8:15 p.m.
Design/Logic Flaw
2021-05-1420:15:00
PRIOn knowledge base
www.prio-n.com
6
0.0005 Low
EPSS
Percentile
17.8%
TensorFlow is an end-to-end open source platform for machine learning. The implementation of MatrixDiag* operations(https://github.com/tensorflow/tensorflow/blob/4c4f420e68f1cfaf8f4b6e8e3eb857e9e4c3ff33/tensorflow/core/kernels/linalg/matrix_diag_op.cc#L195-L197) does not validate that the tensor arguments are non-empty. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
| CPE | Name | Operator | Version |
|---|---|---|---|
| tensorflow | ge | 2.4.0 | |
| tensorflow | lt | 2.4.2 | |
| tensorflow | ge | 2.3.0 | |
| tensorflow | lt | 2.3.3 | |
| tensorflow | ge | 2.2.0 | |
| tensorflow | lt | 2.2.3 | |
| tensorflow | lt | 2.1.4 |
Related
nvd
nvd
CVE-2021-29515
2021-05-14 20:15:11
osv
osv
PYSEC-2021-641
2021-05-14 20:15:00
Reference binding to null pointer in `MatrixDiag*` ops
2021-05-21 14:20:54
PYSEC-2021-152
2021-05-14 20:15:00
cve
cve
CVE-2021-29515
2021-05-14 20:15:11
github
github
Reference binding to null pointer in `MatrixDiag*` ops
2021-05-21 14:20:54
veracode
veracode
Denial Of Service (DoS)
2021-05-17 05:53:49
cvelist
cvelist
CVE-2021-29515 Reference binding to null pointer in `MatrixDiag*` ops
2021-05-14 19:36:20
ibm
ibm