Safety vulnerability ID: 56834
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Intel-tensorflow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37655: TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a read from outside of bounds of heap allocated data by sending invalid arguments to 'tf.raw_ops.ResourceScatterUpdate'. The implementation (https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/resource_variable_ops.cc#L919-L923) has an incomplete validation of the relationship between the shapes of 'indices' and 'updates': instead of checking that the shape of 'indices' is a prefix of the shape of 'updates' (so that broadcasting can happen), code only checks that the number of elements in these two tensors are in a divisibility relationship. The Tensorflow team has patched the issue in GitHub commit 01cff3f986259d661103412a20745928c727326f.
Latest version: 2.14.0
TensorFlow is an open source machine learning framework for everyone.
This vulnerability has no description
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application