Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-29613

TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in `tf.raw_ops.CTCLoss` allows an attacker to trigger an OOB read from heap. The fix will be included in TensorFlow 2.5.0. We will also cherrypick these commits on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.

Published

2021-05-14T20:15:16.037

Last Modified

2024-11-21T06:01:29.693

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.3 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:N/A:P

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

3.9

Impact Score

4.9

Weaknesses

Type: Secondary
CWE-665
Type: Primary
CWE-125

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	google	tensorflow	< 2.1.4	Yes
Application	google	tensorflow	< 2.2.3	Yes
Application	google	tensorflow	< 2.3.3	Yes
Application	google	tensorflow	< 2.4.2	Yes

References

https://github.com/tensorflow/tensorflow/commit/14607c0707040d775e06b6817325640cb4b5864c Patch, Third Party Advisory ([email protected])
https://github.com/tensorflow/tensorflow/commit/4504a081af71514bb1828048363e6540f797005b Patch, Third Party Advisory ([email protected])
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vvg4-vgrv-xfr7 Exploit, Patch, Third Party Advisory ([email protected])
https://github.com/tensorflow/tensorflow/commit/14607c0707040d775e06b6817325640cb4b5864c Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/tensorflow/tensorflow/commit/4504a081af71514bb1828048363e6540f797005b Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vvg4-vgrv-xfr7 Exploit, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)