CVE-2021-41225

Опубликовано: 05 нояб. 2021

Источник: nvd

CVSS3: 5.5

CVSS3: 7.8

CVSS2: 2.1

EPSS Низкий

Описание

TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's Grappler optimizer has a use of unitialized variable. If the train_nodes vector (obtained from the saved model that gets optimized) does not contain a Dequeue node, then dequeue_node is left unitialized. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.

Ссылки

https://github.com/tensorflow/tensorflow/commit/68867bf01239d9e1048f98cbad185bf4761bedd3
Patch
Third Party Advisory
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7r94-xv9v-63jw
Exploit
Patch
Third Party Advisory
https://github.com/tensorflow/tensorflow/commit/68867bf01239d9e1048f98cbad185bf4761bedd3
Patch
Third Party Advisory
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7r94-xv9v-63jw
Exploit
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*

Версия от 2.4.0 (включая) до 2.4.4 (исключая)

cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*

Версия от 2.5.0 (включая) до 2.5.2 (исключая)

cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*

Версия от 2.6.0 (включая) до 2.6.1 (исключая)

cpe:2.3:a:google:tensorflow:2.7.0:rc0:*:*:*:*:*:*

cpe:2.3:a:google:tensorflow:2.7.0:rc1:*:*:*:*:*:*

EPSS

Процентиль: 4%

0.00018

Низкий

5.5 Medium

CVSS3

7.8 High

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-908

Связанные уязвимости

CVE-2021-41225

CVSS3: 5.5

debian

больше 4 лет назад

TensorFlow is an open source platform for machine learning. In affecte ...

GHSA-7r94-xv9v-63jw

CVSS3: 5.5

github

около 4 лет назад

A use of uninitialized value vulnerability in Tensorflow

EPSS

Процентиль: 4%

0.00018

Низкий

5.5 Medium

CVSS3

7.8 High

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-908