Lucene search
China National Vulnerability DatabaseCNVD-2022-09856HistoryAug 30, 2021 - 12:00 a.m.
Google TensorFlow code issue vulnerability (CNVD-2022-09856)
2021-08-3000:00:00
China National Vulnerability Database
www.cnvd.org.cn
13
google tensorflow
machine learning
code issue
vulnerability
raw api
null pointer
heap allocation
EPSS
0
Percentile
12.6%
Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A code issue vulnerability exists in Google TensorFlow, which stems from the fact that when a tensor is recovered via the raw API, TensorFlow could be tricked into referencing a null pointer if a tensor name is not provided. An attacker could exploit the vulnerability by providing some tensor names to read memory outside the boundaries of the heap allocation data.
Related
cvelist
cvelist
CVE-2021-37639 Null pointer dereference and heap OOB read in TensorFlow
2021-08-12 18:10:15
osv
osv
PYSEC-2021-552
2021-08-12 19:15:00
Null pointer dereference and heap OOB read in operations restoring tensors
2021-08-25 14:44:05
PYSEC-2021-750
2021-08-12 19:15:00
prion
prion
Out-of-bounds
2021-08-12 19:15:00
cve
cve
CVE-2021-37639
2021-08-12 19:15:08
nvd
nvd
CVE-2021-37639
2021-08-12 19:15:08
github
github
Null pointer dereference and heap OOB read in operations restoring tensors
2021-08-25 14:44:05
ibm
ibm
suse
suse
Security update for tensorflow2 (moderate)
2022-06-18 00:00:00
nessus
nessus
openSUSE 15 Security Update : tensorflow2 (openSUSE-SU-2022:10014-1)
2022-06-19 00:00:00