Safety vulnerability ID: 58022
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Tensorflow-rocm-enhanced version 2.3.4 and 2.4.3 include a fix for CVE-2021-37670:
In affected versions, an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to "tf.raw_ops.UpperBound". The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/searchsorted_op.cc#L85-L104) does not validate the rank of "sorted_input" argument. A similar issue occurs in "tf.raw_ops.LowerBound". The Tensorflow team has patched the issue in GitHub commit 42459e4273c2e47a3232cc16c4f4fff3b3a35c38.
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9697-98pf-4rw7
https://github.com/tensorflow/tensorflow/commit/42459e4273c2e47a3232cc16c4f4fff3b3a35c38
Latest version: 2.4.3
TensorFlow is an open source machine learning framework for everyone.
This vulnerability has no description
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application