Lucene search
PRIOn knowledge basePRION:CVE-2021-37664HistoryAug 12, 2021 - 9:15 p.m.
Out-of-bounds
2021-08-1221:15:00
PRIOn knowledge base
www.prio-n.com
0.0004 Low
EPSS
Percentile
12.8%
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to BoostedTreesSparseCalculateBestFeatureSplit. The implementation needs to validate that each value in stats_summary_indices is in range. We have patched the issue in GitHub commit e84c975313e8e8e38bb2ea118196369c45c51378. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
| CPE | Name | Operator | Version |
|---|---|---|---|
| tensorflow | ge | 2.4.0 | |
| tensorflow | lt | 2.4.3 | |
| tensorflow | eq | 2.6.0 rc2 | |
| tensorflow | eq | 2.6.0 rc1 | |
| tensorflow | eq | 2.6.0 rc0 | |
| tensorflow | ge | 2.3.0 | |
| tensorflow | lt | 2.3.4 | |
| tensorflow | eq | 2.5.0 |
Related
nvd
nvd
CVE-2021-37664
2021-08-12 21:15:09
cve
cve
CVE-2021-37664
2021-08-12 21:15:09
osv
osv
Heap OOB in boosted trees
2021-08-25 14:42:20
CVE-2021-37664
2021-08-12 21:15:09
PYSEC-2021-775
2021-08-12 21:15:00
cvelist
cvelist
CVE-2021-37664 Heap OOB in boosted trees in TensorFlow
2021-08-12 20:25:23
cnvd
cnvd
Google TensorFlow buffer overflow vulnerability (CNVD-2021-64543)
2021-08-13 00:00:00
github
github
Heap OOB in boosted trees
2021-08-25 14:42:20
suse
suse
Security update for tensorflow2 (moderate)
2022-06-18 00:00:00
nessus
nessus
openSUSE 15 Security Update : tensorflow2 (openSUSE-SU-2022:10014-1)
2022-06-19 00:00:00
