Safety vulnerability ID: 41148
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Tensorflow version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37673:
In affected versions, an attacker can trigger a denial of service via a "CHECK"-fail in "tf.raw_ops.MapStage". The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/map_stage_op.cc#L513) does not check that the "key" input is a valid non-empty tensor. The Tensorflow team has patched the issue in GitHub commit d7de67733925de196ec8863a33445b73f9562d1d.
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-278g-rq84-9hmg
https://github.com/tensorflow/tensorflow/commit/d7de67733925de196ec8863a33445b73f9562d1d
Latest version: 2.18.0
TensorFlow is an open source machine learning framework for everyone.
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a `CHECK`-fail in `tf.raw_ops.MapStage`. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/map_stage_op.cc#L513) does not check that the `key` input is a valid non-empty tensor. We have patched the issue in GitHub commit d7de67733925de196ec8863a33445b73f9562d1d. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. See CVE-2021-37673.
CONFIRM:https://github.com/tensorflow/tensorflow/security/advisories/GHSA-278g-rq84-9hmg: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-278g-rq84-9hmg
MISC:https://github.com/tensorflow/tensorflow/commit/d7de67733925de196ec8863a33445b73f9562d1d: https://github.com/tensorflow/tensorflow/commit/d7de67733925de196ec8863a33445b73f9562d1d
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application