Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-37661

Опубликовано: 12 авг. 2021
Источник: nvd
CVSS3: 5.5
CVSS2: 2.1
EPSS Низкий

Описание

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause a denial of service in boosted_trees_create_quantile_stream_resource by using negative arguments. The implementation does not validate that num_streams only contains non-negative numbers. In turn, this results in using this value to allocate memory. However, reserve receives an unsigned integer so there is an implicit conversion from a negative value to a large positive unsigned. This results in a crash from the standard library. We have patched the issue in GitHub commit 8a84f7a2b5a2b27ecf88d25bad9ac777cd2f7992. The fix will be included in TensorFlow 2

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*
Версия от 2.3.0 (включая) до 2.3.4 (исключая)
cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*
Версия от 2.4.0 (включая) до 2.4.3 (исключая)
cpe:2.3:a:google:tensorflow:2.5.0:*:*:*:*:*:*:*
cpe:2.3:a:google:tensorflow:2.6.0:rc0:*:*:*:*:*:*
cpe:2.3:a:google:tensorflow:2.6.0:rc1:*:*:*:*:*:*
cpe:2.3:a:google:tensorflow:2.6.0:rc2:*:*:*:*:*:*

EPSS

Процентиль: 1%
0.00012
Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-681
CWE-681

Связанные уязвимости

debian логотип

CVE-2021-37661

CVSS3: 5.5
debian
больше 4 лет назад

TensorFlow is an end-to-end open source platform for machine learning. ...

github логотип

GHSA-gf88-j2mg-cc82

CVSS3: 5.5
github
больше 4 лет назад

Crash caused by integer conversion to unsigned

suse-cvrf логотип

openSUSE-SU-2022:10014-1

suse-cvrf
больше 3 лет назад

Security update for tensorflow2

EPSS

Процентиль: 1%
0.00012
Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-681
CWE-681