17 matches found
CVE-2021-29614
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.io.decoderaw produces incorrect results and crashes the Python interpreter when combining fixedlength and wider datatypes. The implementation of the padded...
deep-floorplan (=0.0.0), mpunet (=0.2.9) +1 more potentially affected by CVE-2021-29614 via tensorflow-gpu (>=2.3.0 <=2.3.2)
tensorflow-gpu PYPI version =2.3.0, =1.1.0, =1.6.1 Source cves: CVE-2021-29614 Source advisory: OSV:GHSA-8PMX-P244-G88H...
complaintclassify (=0.0.9) potentially affected by CVE-2021-29614 via tensorflow-cpu (=2.4.0)
tensorflow-cpu PYPI version =2.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-cpu and may be impacted: - complaintclassify =0.0.9 Source cves: CVE-2021-29614 Source advisory: OSV:GHSA-8PMX-P244-G88H...
brainhance (=0.0.1), crystal4d (>=0.0.4 <=0.1.2) +3 more potentially affected by CVE-2021-29614 via tensorflow-gpu (>=2.4.0 <=2.4.1)
tensorflow-gpu PYPI version =2.4.0, =0.0.4, =1.1.1, =1.0.0, =1.0.1 - tf-yarn-gpu =0.6.3 Source cves: CVE-2021-29614 Source advisory: OSV:GHSA-8PMX-P244-G88H...
aiproteomics (=0.2.1), alpharing (>=1.0.0 <=2.0.0) +25 more potentially affected by CVE-2021-29614 via tensorflow-cpu (>=1.15.0 <=2.1.0)
tensorflow-cpu PYPI version =1.15.0, =1.0.0, =0.0.1, =1.0.0.4, =0.1.0, =0.2.3, =0.0.5, =0.1.2, =1.0.0, =1.8.2, =1.6.1, =1.8.3 - netfl =1.5.0 and more Source cves: CVE-2021-29614 Source advisory: OSV:GHSA-8PMX-P244-G88H...
arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +161 more potentially affected by CVE-2021-29614 via tensorflow-gpu (>=1.10.1 <=2.1.1)
tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - cctv-analysis =0.0.2 - chatbot-nlu =1.0.0 - classitransformers =0.0.1 and more Source cves: CVE-2021-29614 Source advisory: OSV:GHSA-8PMX-P244-G88H...
pycnet-audio (>=0.5.1 <=0.5.8) potentially affected by CVE-2021-29614 via tensorflow-cpu (=2.2.0)
tensorflow-cpu PYPI version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-cpu and may be impacted: - pycnet-audio =0.5.1, =0.5.8 Source cves: CVE-2021-29614 Source advisory: OSV:GHSA-8PMX-P244-G88H...
c4v-py (>=0.1.0.dev1 <=0.1.0.dev202107081840) potentially affected by CVE-2021-29614 via tensorflow-cpu (=2.3.1)
tensorflow-cpu PYPI version =2.3.1 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-cpu and may be impacted: - c4v-py =0.1.0.dev1, =0.1.0.dev202107081840 Source cves: CVE-2021-29614 Source advisory: OSV:GHSA-8PMX-P244-G88H...
d3m-simon (=1.2.5), easyquake (>=1.3.0 <=1.4.0) potentially affected by CVE-2021-29614 via tensorflow-gpu (=2.2.0)
tensorflow-gpu PYPI version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-gpu and may be impacted: - d3m-simon =1.2.5 - easyquake =1.3.0, =1.4.0 Source cves: CVE-2021-29614 Source advisory: OSV:GHSA-8PMX-P244-G88H...
complaintclassify (=0.0.9) potentially affected by CVE-2021-29614 via tensorflow-cpu (=2.4.0)
tensorflow-cpu PYPI version =2.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-cpu and may be impacted: - complaintclassify =0.0.9 Source cves: CVE-2021-29614 Source advisory: OSV:PYSEC-2021-542...
brainhance (=0.0.1), crystal4d (>=0.0.4 <=0.1.2) +3 more potentially affected by CVE-2021-29614 via tensorflow-gpu (>=2.4.0 <=2.4.1)
tensorflow-gpu PYPI version =2.4.0, =0.0.4, =1.1.1, =1.0.0, =1.0.1 - tf-yarn-gpu =0.6.3 Source cves: CVE-2021-29614 Source advisory: OSV:PYSEC-2021-740...
accuinsight (>=1.0.62 <=3.0.0rc2), adapt-diagnostics (>=1.2.0 <=1.6.0) +110 more potentially affected by CVE-2021-29614 via tensorflow (>=2.3.0 <=2.3.2)
tensorflow PYPI version =2.3.0, =1.0.62, =1.2.0, =0.1.0, =0.0.1a0, =0.0.1, =1.0.0rc1, =20210206.0.0, =0.1.0.dev1, =0.2.4, =1.0.1.0, =1.0.3 - cardec-cite =1.1.0 and more Source cves: CVE-2021-29614 Source advisory: OSV:PYSEC-2021-251...
abmarl (>=0.1.1 <=0.1.3), agrothon (>=1.1.5 <=1.3.2) +92 more potentially affected by CVE-2021-29614 via tensorflow (>=2.4.0 <=2.4.1)
tensorflow PYPI version =2.4.0, =0.1.1, =1.1.5, =2.1.0, =0.0.1, =0.0.6, =0.1.0, =1.4.0, =1.2.2, =20210221.0.0, =0.7.2, =0.0.0, =0.0.0.post0 and more Source cves: CVE-2021-29614 Source advisory: OSV:PYSEC-2021-251...
deep-floorplan (=0.0.0), mpunet (=0.2.9) +1 more potentially affected by CVE-2021-29614 via tensorflow-gpu (>=2.3.0 <=2.3.2)
tensorflow-gpu PYPI version =2.3.0, =1.1.0, =1.6.1 Source cves: CVE-2021-29614 Source advisory: OSV:PYSEC-2021-740...
d3m-simon (=1.2.5), easyquake (>=1.3.0 <=1.4.0) potentially affected by CVE-2021-29614 via tensorflow-gpu (=2.2.0)
tensorflow-gpu PYPI version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-gpu and may be impacted: - d3m-simon =1.2.5 - easyquake =1.3.0, =1.4.0 Source cves: CVE-2021-29614 Source advisory: OSV:PYSEC-2021-740...
CVE-2021-29614
CVE-2021-29614 affects TensorFlow: the tf.io.decode_raw path (padded version) mishandles fixed_length with wider datatypes, advancing the output pointer by fixed_length bytes even when only fixed_length bytes are copied. This causes parts of input not to be decoded and can lead to out-of-bounds w...
CVE-2021-29614 Interpreter crash from `tf.io.decode_raw`
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.io.decoderaw produces incorrect results and crashes the Python interpreter when combining fixedlength and wider datatypes. The implementation of the padded...