CVE-2021-29520 log
Source |
|
Severity | Low |
Remote | No |
Type | Arbitrary code execution |
Description | A security issue has been found in TensorFlow before version 2.4.2. Missing validation between arguments to `tf.raw_ops.Conv3DBackprop*` operations can result in heap buffer overflows. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/4814fafb0ca6b5ab58a09411523b2193fed23fed/tensorflow/core/kernels/conv_grad_shape_utils.cc#L94-L153) assumes that the `input`, `filter_sizes` and `out_backprop` tensors have the same shape, as they are accessed in parallel. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-1962 | tensorflow | 2.4.1-10 | 2.5.0-1 | Critical | Fixed |
References |
---|
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wcv5-qrj6-9pfm https://github.com/tensorflow/tensorflow/commit/8f37b52e1320d8d72a9529b2468277791a261197 |