exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 4

CVE-2021-37658

больше 4 лет назад

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type `tf.raw_ops.MatrixSetDiagV*`. The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/linalg/matrix_diag_op.cc) has incomplete validation that the value of `k` is a valid tensor. We have check that this value is either a scalar or a vector, but there is no check for the number of elements. If this is an empty tensor, then code that accesses the first element of the tensor is wrong. We have patched the issue in GitHub commit ff8894044dfae5568ecbf2ed514c1a37dc394f1b. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.

CVSS3: 7.1

EPSS: Низкий

CVE-2021-37658

больше 4 лет назад

TensorFlow is an end-to-end open source platform for machine learning. ...

CVSS3: 7.1

EPSS: Низкий

GHSA-6p5r-g9mq-ggh2

больше 4 лет назад

Reference binding to nullptr in `MatrixSetDiagV*` ops

CVSS3: 7.1

EPSS: Низкий

openSUSE-SU-2022:10014-1

больше 3 лет назад

Security update for tensorflow2

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2021-37658 TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type `tf.raw_ops.MatrixSetDiagV*`. The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/linalg/matrix_diag_op.cc) has incomplete validation that the value of `k` is a valid tensor. We have check that this value is either a scalar or a vector, but there is no check for the number of elements. If this is an empty tensor, then code that accesses the first element of the tensor is wrong. We have patched the issue in GitHub commit ff8894044dfae5568ecbf2ed514c1a37dc394f1b. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.	CVSS3: 7.1	0% Низкий	больше 4 лет назад
CVE-2021-37658 TensorFlow is an end-to-end open source platform for machine learning. ...	CVSS3: 7.1	0% Низкий	больше 4 лет назад
GHSA-6p5r-g9mq-ggh2 Reference binding to nullptr in `MatrixSetDiagV*` ops	CVSS3: 7.1	0% Низкий	больше 4 лет назад
openSUSE-SU-2022:10014-1 Security update for tensorflow2			больше 3 лет назад

Уязвимостей на страницу