Lucene search
GoogleOSV:CVE-2021-37643HistoryAug 12, 2021 - 7:15 p.m.
CVE-2021-37643
2021-08-1219:15:08
Google
osv.dev
3
tensorflow
machine learning
padding value
null pointer dereference
github
patch
tensorflow 2.6.0
cherrypick
EPSS
0
Percentile
12.6%
TensorFlow is an end-to-end open source platform for machine learning. If a user does not provide a valid padding value to tf.raw_ops.MatrixDiagPartOp, then the code triggers a null pointer dereference (if input is empty) or produces invalid behavior, ignoring all values after the first. The implementation reads the first value from a tensor buffer without first checking that the tensor has values to read from. We have patched the issue in GitHub commit 482da92095c4d48f8784b1f00dda4f81c28d2988. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
Related
cnvd
cnvd
Google TensorFlow code issue vulnerability (CNVD-2022-09857)
2021-08-30 00:00:00
prion
prion
Null pointer dereference
2021-08-12 19:15:00
osv
osv
github
github
Null pointer dereference in `MatrixDiagPartOp`
2021-08-25 14:43:42
cve
cve
CVE-2021-37643
2021-08-12 19:15:08
veracode
veracode
Denial Of Service (DoS)
2021-08-13 04:33:37
nvd
nvd
CVE-2021-37643
2021-08-12 19:15:08
cvelist
cvelist
CVE-2021-37643 Null pointer dereference in `MatrixDiagPartOp` in TensorFlow
2021-08-12 18:10:21
ibm
ibm
suse
suse
Security update for tensorflow2 (moderate)
2022-06-18 00:00:00
nessus
nessus
openSUSE 15 Security Update : tensorflow2 (openSUSE-SU-2022:10014-1)
2022-06-19 00:00:00