6 matches found
SUSE CVE-2021-37692
TensorFlow is an end-to-end open source platform for machine learning. In affected versions under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, C.TFTStringDealloc is called during garbage collection within a finalizer function. However, tensor...
complaintclassify (=0.0.9) potentially affected by CVE-2021-37692 via tensorflow-cpu (=2.4.0)
tensorflow-cpu PYPI version =2.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-cpu and may be impacted: - complaintclassify =0.0.9 Source cves: CVE-2021-37692 Source advisory: OSV:PYSEC-2021-605...
deep-floorplan (=0.0.0), mpunet (=0.2.9) +1 more potentially affected by CVE-2021-37692 via tensorflow-gpu (>=2.3.0 <=2.3.2)
tensorflow-gpu PYPI version =2.3.0, =1.1.0, =1.6.1 Source cves: CVE-2021-37692 Source advisory: OSV:PYSEC-2021-803...
brainhance (=0.0.1), crystal4d (>=0.0.4 <=0.1.2) +4 more potentially affected by CVE-2021-37692 via tensorflow-gpu (>=2.4.0 <=2.4.2)
tensorflow-gpu PYPI version =2.4.0, =0.0.4, =1.1.1, =0.1.0.dev98, =1.0.0, =1.0.1 - tf-yarn-gpu =0.6.3 Source cves: CVE-2021-37692 Source advisory: OSV:PYSEC-2021-803...
CVE-2021-37692
CVE-2021-37692 affects TensorFlow and centers on a segfault in string tensor deallocation during garbage collection when the encoding of a string tensor fails (e.g., mismatched dimensions). The root cause is an assumption that encoding succeeded, leading to use of the finalizer of the tensor with...
CVE-2021-37692
TensorFlow is an end-to-end open source platform for machine learning. In affected versions under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, C.TFTStringDealloc is called during garbage collection within a finalizer function. However, tensor...