Safety vulnerability ID: 56147
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Tensorflow-gpu version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37668:
In affected versions, an attacker can cause denial of service in applications serving models using "tf.raw_ops.UnravelIndex" by triggering a division by 0. The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/unravel_index_op.cc#L36) does not check that the tensor subsumed by "dims" is not empty. Hence, if one element of "dims" is 0, the implementation does a division by 0. The Tensorflow team has patched the issue in GitHub commit a776040a5e7ebf76eeb7eb923bf1ae417dd4d233.
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-2wmv-37vq-52g5
https://github.com/tensorflow/tensorflow/commit/a776040a5e7ebf76eeb7eb923bf1ae417dd4d233
Latest version: 2.12.0
Removed: please install "tensorflow" instead.
This vulnerability has no description
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application