Lucene search
GoogleOSV:PYSEC-2021-800HistoryAug 12, 2021 - 10:15 p.m.
PYSEC-2021-800
2021-08-1222:15:00
Google
osv.dev
11
tensorflow
mlir optimization
tflite
null pointer dereference
denial of service
github
commit
patch
version 2.6.0
EPSS
0
Percentile
12.6%
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service. This is caused by the MLIR optimization of L2NormalizeReduceAxis operator. The implementation unconditionally dereferences a pointer to an iterator to a vector without checking that the vector has elements. We have patched the issue in GitHub commit d6b57f461b39fd1aa8c1b870f1b974aac3554955. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
Related
osv
osv
prion
prion
Null pointer dereference
2021-08-12 22:15:00
nessus
nessus
freebsd
freebsd
py-tflite -- denial of service vulnerability
2021-08-25 00:00:00
cnvd
cnvd
Google TensorFlow Denial of Service Vulnerability (CNVD-2021-63069)
2021-08-13 00:00:00
cvelist
cvelist
cve
cve
CVE-2021-37689
2021-08-12 22:15:09
nvd
nvd
CVE-2021-37689
2021-08-12 22:15:09
github
github
Null pointer dereference in TFLite MLIR optimizations
2021-08-25 14:39:36
suse
suse
Security update for tensorflow2 (moderate)
2022-06-18 00:00:00
