Lucene search
PRIOn knowledge basePRION:CVE-2021-29611HistoryMay 14, 2021 - 8:15 p.m.
Input validation
2021-05-1420:15:00
PRIOn knowledge base
www.prio-n.com
4
0.0004 Low
EPSS
Percentile
13.0%
TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in SparseReshape results in a denial of service based on a CHECK-failure. The implementation(https://github.com/tensorflow/tensorflow/blob/e87b51ce05c3eb172065a6ea5f48415854223285/tensorflow/core/kernels/sparse_reshape_op.cc#L40) has no validation that the input arguments specify a valid sparse tensor. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2 and TensorFlow 2.3.3, as these are the only affected versions.
| CPE | Name | Operator | Version |
|---|---|---|---|
| tensorflow | ge | 2.4.0 | |
| tensorflow | lt | 2.4.2 | |
| tensorflow | ge | 2.3.0 | |
| tensorflow | lt | 2.3.3 | |
| tensorflow | ge | 2.2.0 | |
| tensorflow | lt | 2.2.3 | |
| tensorflow | lt | 2.1.4 |
Related
nvd
nvd
CVE-2021-29611
2021-05-14 20:15:15
osv
osv
PYSEC-2021-737
2021-05-14 20:15:00
BIT-tensorflow-2021-29611
2024-03-06 11:18:05
CVE-2021-29611
2021-05-14 20:15:15
github
github
Incomplete validation in `SparseReshape`
2021-05-21 14:28:35
cve
cve
CVE-2021-29611
2021-05-14 20:15:15
cvelist
cvelist
CVE-2021-29611 Incomplete validation in `SparseReshape`
2021-05-14 19:20:43
ibm
ibm