19 matches found
CVE-2021-41197
TensorFlow is an open source platform for machine learning. In affected versions TensorFlow allows tensor to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an int64t. If an overflow occurs,...
`CHECK` failure in depthwise ops via overflows
Impact The implementation of depthwise ops in TensorFlow is vulnerable to a denial of service via CHECK-failure assertion failure caused by overflowing the number of elements in a tensor: python import tensorflow as tf input = tf.constant1, shape=1, 4, 4, 3, dtype=tf.float32 filtersizes =...
GHSA-RRX2-R989-2C43 Integer overflows in Tensorflow
Impact The implementations of SparseCwise ops are vulnerable to integer overflows. These can be used to trigger large allocations so, OOM based denial of service or CHECK-fails when building new TensorShape objects so, assert failures based denial of service: python import tensorflow as tf import...
GHSA-6445-FM66-FVQ2 Integer overflows in Tensorflow
Impact The implementation of AddManySparseToTensorsMap is vulnerable to an integer overflow which results in a CHECK-fail when building new TensorShape objects so, an assert failure based denial of service: python import tensorflow as tf import numpy as np tf.rawops.AddManySparseToTensorsMap...
Integer overflows in Tensorflow
Impact The implementation of AddManySparseToTensorsMap is vulnerable to an integer overflow which results in a CHECK-fail when building new TensorShape objects so, an assert failure based denial of service: python import tensorflow as tf import numpy as np tf.rawops.AddManySparseToTensorsMap...
GHSA-WCV5-VRVR-3RX2 Integer Overflow or Wraparound in TensorFlow
Impact The Grappler component of TensorFlow is vulnerable to a denial of service via CHECK-failure assertion failure in constant folding: cc for const auto& outputprop : outputprops const PartialTensorShape outputshapeoutputprop.shape; // ... The outputprop tensor has a shape that is controlled b...
Integer Overflow or Wraparound in TensorFlow
Impact The Grappler component of TensorFlow is vulnerable to a denial of service via CHECK-failure assertion failure in constant folding: cc for const auto& outputprop : outputprops const PartialTensorShape outputshapeoutputprop.shape; // ... The outputprop tensor has a shape that is controlled b...
iqradre (>=0.1.5 <=0.2.1), lurara (>=0.1.0 <=0.1.1) +5 more potentially affected by CVE-2021-41197 via tensorflow-gpu (=2.6.0)
tensorflow-gpu PYPI version =2.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-gpu and may be impacted: - iqradre =0.1.5, =0.1.0, =0.9.0, =1.0.5, =1.0.6 Source cves: CVE-2021-41197 Source advisory: OSV:GHSA-PRCG-WP5Q-RV7P...
bent (>=0.0.9 <=0.0.80), tensorflow-recommenders-addons-gpu (>=0.3.0 <=0.4.1) potentially affected by CVE-2021-41197 via tensorflow-gpu (=2.5.1)
tensorflow-gpu PYPI version =2.5.1 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-gpu and may be impacted: - bent =0.0.9, =0.3.0, =0.4.1 Source cves: CVE-2021-41197 Source advisory: OSV:GHSA-PRCG-WP5Q-RV7P...
arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +169 more potentially affected by CVE-2021-41197 via tensorflow-gpu (>=1.10.1 <=2.4.2)
tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 - cctv-analysis =0.0.2 - chatbot-nlu =1.0.0 and more Source cves: CVE-2021-41197 Source advisory: OSV:GHSA-PRCG-WP5Q-RV7P...
alwakeupword (=1.0.0), armadillin (>=0.0.2 <=0.53.0) +35 more potentially affected by CVE-2021-41197 via tensorflow (>=2.6.0 <=2.6.0rc2)
tensorflow PYPI version =2.6.0, =0.0.2, =0.0.9, =0.2.0, =4.4.0, =1.1.2, =0.2.0, =0.0.1, =1.0.0, =0.1.5, =0.2.1 and more Source cves: CVE-2021-41197 Source advisory: OSV:GHSA-PRCG-WP5Q-RV7P...
alphapulldown (>=0.21.2 <=0.22.3), analytics-lib (>=0.0.1 <=0.0.2) +60 more potentially affected by CVE-2021-41197 via tensorflow (>=2.5.0 <=2.5.1)
tensorflow PYPI version =2.5.0, =0.21.2, =0.0.1, =1.1.0, =0.1.6, =0.8.1, =3.3.0, =0.0.24, =1.0.0, =2.0.2, =0.6.0, =0.8.0 and more Source cves: CVE-2021-41197 Source advisory: OSV:GHSA-PRCG-WP5Q-RV7P...
CVE-2021-41197
TensorFlow is an open source platform for machine learning. In affected versions TensorFlow allows tensor to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an int64t. If an overflow occurs,...
alwakeupword (=1.0.0), armadillin (>=0.0.2 <=0.53.0) +35 more potentially affected by CVE-2021-41197 via tensorflow (>=2.6.0 <=2.6.0rc2)
tensorflow PYPI version =2.6.0, =0.0.2, =0.0.9, =0.2.0, =4.4.0, =1.1.2, =0.2.0, =0.0.1, =1.0.0, =0.1.5, =0.2.1 and more Source cves: CVE-2021-41197 Source advisory: OSV:PYSEC-2021-390...
125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4817 more potentially affected by CVE-2021-41197 via tensorflow (>=1.0.1 <=2.4.3)
tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.6.0, =0.1.6, =1.0.0, =2.0.0, =1.0.0, =0.0.1, =0.0.7 and more Source cves: CVE-2021-41197 Source advisory: OSV:PYSEC-2021-390...
arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +169 more potentially affected by CVE-2021-41197 via tensorflow-gpu (>=1.10.1 <=2.4.2)
tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 - cctv-analysis =0.0.2 - chatbot-nlu =1.0.0 and more Source cves: CVE-2021-41197 Source advisory: OSV:PYSEC-2021-805...
a62-emotion (>=0.10.12 <=0.11.4), agent-atm (>=0.1.0 <=0.1.1) +101 more potentially affected by CVE-2021-41197 via tensorflow-cpu (>=1.15.0 <=2.4.0)
tensorflow-cpu PYPI version =1.15.0, =0.10.12, =0.1.0, =2.0.0, =2.0.0, =1.0.0, =0.0.5, =0.3.0, =0.0.1, =0.8.1, =0.1.1, =1.3.0, =0.1.0.dev1, =0.1.0.dev202107081840 and more Source cves: CVE-2021-41197 Source advisory: OSV:PYSEC-2021-607...
CVE-2021-41197
CVE-2021-41197 concerns TensorFlow where treating large tensor shapes can overflow int64, causing a CHECK-failure abort during shape construction (notably in operations like tf.math.segment_, SparseCwise , and depthwise-related paths). The issue is addressed by upstream fixes, with the primary pa...
CVE-2021-41197 Crashes due to overflow and `CHECK`-fail in ops with large tensor shapes
TensorFlow is an open source platform for machine learning. In affected versions TensorFlow allows tensor to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an int64t. If an overflow occurs,...