Safety vulnerability ID: 57894
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29545: An attacker can trigger a denial of service via a 'CHECK'-fail in converting sparse tensors to CSR Sparse matrices. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/800346f2c03a27e182dd4fba48295f65e7790739/tensorflow/core/kernels/sparse/kernels.cc#L66) does a double redirection to access an element of an array allocated on the heap. If the value at 'indices(i, 0)' is such that 'indices(i, 0) + 1' is outside the bounds of 'csr_row_ptr', this results in writing outside of bounds of heap allocated data.
Latest version: 2.14.0.600
TensorFlow is an open source machine learning framework for everyone.
This vulnerability has no description
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application