Lucene search
PRIOn knowledge basePRION:CVE-2021-29570HistoryMay 14, 2021 - 8:15 p.m.
Out-of-bounds
2021-05-1420:15:00
PRIOn knowledge base
www.prio-n.com
2
0.0004 Low
EPSS
Percentile
12.6%
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.raw_ops.MaxPoolGradWithArgmax can cause reads outside of bounds of heap allocated data if attacker supplies specially crafted inputs. The implementation(https://github.com/tensorflow/tensorflow/blob/ef0c008ee84bad91ec6725ddc42091e19a30cf0e/tensorflow/core/kernels/maxpooling_op.cc#L1016-L1017) uses the same value to index in two different arrays but there is no guarantee that the sizes are identical. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
| CPE | Name | Operator | Version |
|---|---|---|---|
| tensorflow | ge | 2.4.0 | |
| tensorflow | lt | 2.4.2 | |
| tensorflow | ge | 2.3.0 | |
| tensorflow | lt | 2.3.3 | |
| tensorflow | ge | 2.2.0 | |
| tensorflow | lt | 2.2.3 | |
| tensorflow | lt | 2.1.4 |
Related
cve
cve
CVE-2021-29570
2021-05-14 20:15:13
osv
osv
PYSEC-2021-207
2021-05-14 20:15:00
Heap out of bounds read in `MaxPoolGradWithArgmax`
2021-05-21 14:25:25
PYSEC-2021-696
2021-05-14 20:15:00
cvelist
cvelist
CVE-2021-29570 Heap out of bounds read in `MaxPoolGradWithArgmax`
2021-05-14 19:16:31
github
github
Heap out of bounds read in `MaxPoolGradWithArgmax`
2021-05-21 14:25:25
nvd
nvd
CVE-2021-29570
2021-05-14 20:15:13
veracode
veracode
Denial Of Service (DoS)
2021-05-17 08:55:27
ibm
ibm