Lucene search
PRIOn knowledge basePRION:CVE-2021-29572HistoryMay 14, 2021 - 8:15 p.m.
Null pointer dereference
2021-05-1420:15:00
PRIOn knowledge base
www.prio-n.com
4
0.0004 Low
EPSS
Percentile
12.8%
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.raw_ops.SdcaOptimizer triggers undefined behavior due to dereferencing a null pointer. The implementation(https://github.com/tensorflow/tensorflow/blob/60a45c8b6192a4699f2e2709a2645a751d435cc3/tensorflow/core/kernels/sdca_internal.cc) does not validate that the user supplied arguments satisfy all constraints expected by the op(https://www.tensorflow.org/api_docs/python/tf/raw_ops/SdcaOptimizer). The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
| CPE | Name | Operator | Version |
|---|---|---|---|
| tensorflow | ge | 2.4.0 | |
| tensorflow | lt | 2.4.2 | |
| tensorflow | ge | 2.3.0 | |
| tensorflow | lt | 2.3.3 | |
| tensorflow | ge | 2.2.0 | |
| tensorflow | lt | 2.2.3 | |
| tensorflow | lt | 2.1.4 |
Related
cve
cve
CVE-2021-29572
2021-05-14 20:15:13
osv
osv
PYSEC-2021-500
2021-05-14 20:15:00
PYSEC-2021-209
2021-05-14 20:15:00
Reference binding to nullptr in `SdcaOptimizer`
2021-05-21 14:25:31
veracode
veracode
Denial Of Service (DoS)
2021-05-17 11:05:51
nvd
nvd
CVE-2021-29572
2021-05-14 20:15:13
cvelist
cvelist
CVE-2021-29572 Reference binding to nullptr in `SdcaOptimizer`
2021-05-14 19:16:23
github
github
Reference binding to nullptr in `SdcaOptimizer`
2021-05-21 14:25:31
ibm
ibm