Количество 4
Количество 4
CVE-2021-37652
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.BoostedTreesCreateEnsemble` can result in a use after free error if an attacker supplies specially crafted arguments. The [implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/boosted_trees/resource_ops.cc#L55) uses a reference counted resource and decrements the refcount if the initialization fails, as it should. However, when the code was written, the resource was represented as a naked pointer but later refactoring has changed it to be a smart pointer. Thus, when the pointer leaves the scope, a subsequent `free`-ing of the resource occurs, but this fails to take into account that the refcount has already reached 0, thus the resource has been already freed. During this double-free process, members of the resource object are accessed for cleanup but they are invalid as the entire resourc
CVE-2021-37652
TensorFlow is an end-to-end open source platform for machine learning. ...
GHSA-m7fm-4jfh-jrg6
Use after free in boosted trees creation
openSUSE-SU-2022:10014-1
Security update for tensorflow2
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2021-37652 TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.BoostedTreesCreateEnsemble` can result in a use after free error if an attacker supplies specially crafted arguments. The [implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/boosted_trees/resource_ops.cc#L55) uses a reference counted resource and decrements the refcount if the initialization fails, as it should. However, when the code was written, the resource was represented as a naked pointer but later refactoring has changed it to be a smart pointer. Thus, when the pointer leaves the scope, a subsequent `free`-ing of the resource occurs, but this fails to take into account that the refcount has already reached 0, thus the resource has been already freed. During this double-free process, members of the resource object are accessed for cleanup but they are invalid as the entire resourc | CVSS3: 7.8 | 0% Низкий | больше 4 лет назад |
| CVE-2021-37652 TensorFlow is an end-to-end open source platform for machine learning. ... | CVSS3: 7.8 | 0% Низкий | больше 4 лет назад |
| GHSA-m7fm-4jfh-jrg6 Use after free in boosted trees creation | CVSS3: 7.8 | 0% Низкий | больше 4 лет назад |
 | openSUSE-SU-2022:10014-1 Security update for tensorflow2 | больше 3 лет назад |
Уязвимостей на страницу