exploitDog

GHSA-rg3m-hqc5-344v

Опубликовано: 10 нояб. 2021

Источник: github

Github: Прошло ревью

CVSS4: 6.9

CVSS3: 7.1

Описание

SparseFillEmptyRows heap OOB

Impact

The implementation of SparseFillEmptyRows can be made to trigger a heap OOB access:

import tensorflow as tf data=tf.raw_ops.SparseFillEmptyRows( indices=[[0,0],[0,0],[0,0]], values=['sssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss'], dense_shape=[5,3], default_value='o')

This occurs whenever the size of indices does not match the size of values.

Patches

We have patched the issue in GitHub commit 67bfd9feeecfb3c61d80f0e46d89c170fbee682b.

The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.

For more information

Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.

Attribution

This vulnerability has been reported by members of the Aivul Team from Qihoo 360.

Ссылки

Пакеты

Наименование

tensorflow

pip

Затронутые версииВерсия исправления

>= 2.6.0, < 2.6.1

2.6.1

Наименование

tensorflow

pip

Затронутые версииВерсия исправления

>= 2.5.0, < 2.5.2

2.5.2

Наименование

tensorflow

pip

Затронутые версииВерсия исправления

< 2.4.4

2.4.4

Наименование

tensorflow-cpu

pip

Затронутые версииВерсия исправления

>= 2.6.0, < 2.6.1

2.6.1

Наименование

tensorflow-cpu

pip

Затронутые версииВерсия исправления

>= 2.5.0, < 2.5.2

2.5.2

Наименование

tensorflow-cpu

pip

Затронутые версииВерсия исправления

< 2.4.4

2.4.4

Наименование

tensorflow-gpu

pip

Затронутые версииВерсия исправления

>= 2.6.0, < 2.6.1

2.6.1

Наименование

tensorflow-gpu

pip

Затронутые версииВерсия исправления

>= 2.5.0, < 2.5.2

2.5.2

Наименование

tensorflow-gpu

pip

Затронутые версииВерсия исправления

< 2.4.4

2.4.4

EPSS

Процентиль: 4%

0.00019

Низкий

6.9 Medium

CVSS4

7.1 High

CVSS3

CVE ID

Дефекты

CWE-125

Связанные уязвимости

CVE-2021-41224

CVSS3: 7.1

nvd

больше 4 лет назад

TensorFlow is an open source platform for machine learning. In affected versions the implementation of `SparseFillEmptyRows` can be made to trigger a heap OOB access. This occurs whenever the size of `indices` does not match the size of `values`. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.

CVE-2021-41224

CVSS3: 7.1

debian

больше 4 лет назад

TensorFlow is an open source platform for machine learning. In affecte ...

EPSS

Процентиль: 4%

0.00019

Низкий

6.9 Medium

CVSS4

7.1 High

CVSS3

CVE ID

Дефекты

CWE-125