Safety vulnerability ID: 57918
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29552: An attacker can cause a denial of service by controlling the values of `num_segments` tensor argument for `UnsortedSegmentJoin`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/a2a607db15c7cd01d754d37e5448d72a13491bdb/tensorflow/core/kernels/unsorted_segment_join_op.cc#L92-L93) assumes that the `num_segments` tensor is a valid scalar. Since the tensor is empty the `CHECK` involved in `.scalar<T>()()` that checks that the number of elements is exactly 1 will be invalidated and this would result in process termination.
Latest version: 2.14.0.600
TensorFlow is an open source machine learning framework for everyone.
This vulnerability has no description
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application