Safety vulnerability ID: 42462
The information on this page was manually curated by our Cybersecurity Intelligence Team.
TensorFlow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41215: In affected versions, the shape inference code for 'DeserializeSparse' can trigger a null pointer dereference. This is because the shape inference function assumes that the 'serialize_sparse' tensor is a tensor with positive rank (and having '3' as the last dimension). The fix is included in TensorFlow 2.7.0.
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x3v8-c8qx-3j3r
https://github.com/tensorflow/tensorflow/commit/d3738dd70f1c9ceb547258cbb82d853da8771850
Latest version: 2.18.0
TensorFlow is an open source machine learning framework for everyone.
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `DeserializeSparse` can trigger a null pointer dereference. This is because the shape inference function assumes that the `serialize_sparse` tensor is a tensor with positive rank (and having `3` as the last dimension). The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. See CVE-2021-41215.
CONFIRM: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x3v8-c8qx-3j3r
MISC: https://github.com/tensorflow/tensorflow/commit/d3738dd70f1c9ceb547258cbb82d853da8771850
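An added example, not part of the advisory or of TensorFlow's own code: a check of pinned `tensorflow` versions against the fixed releases listed above (2.4.4, 2.5.2, 2.6.1, 2.7.0). The function names and the sample requirements text are constructed; treating release lines older than 2.4 and pre-releases of a fixed version as lacking the fix is an assumption made here.

```python
import re

# Fixed releases listed on this page, keyed by (major, minor) release line.
FIXED_PATCH = {(2, 4): 4, (2, 5): 2, (2, 6): 1}
FIRST_FIXED_LINE = (2, 7)  # 2.7.0 and every later release line carry the fix

_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(.*)$")
_PRERELEASE = re.compile(r"^[-.]?(a|b|rc|dev)", re.IGNORECASE)
# Exact pins of the `tensorflow` package only; other specifiers are not parsed.
_PIN = re.compile(r"^\s*tensorflow\s*==\s*([^\s;#]+)", re.IGNORECASE)


def has_fix(version):
    """Return True if `version` contains the CVE-2021-41215 fix."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    major, minor, patch = (int(g) for g in m.groups()[:3])
    prerelease = bool(_PRERELEASE.match(m.group(4)))
    line = (major, minor)
    if line >= FIRST_FIXED_LINE:
        # Assumption: a pre-release of 2.7.0 is treated as lacking the fix.
        return not (line == FIRST_FIXED_LINE and patch == 0 and prerelease)
    if line in FIXED_PATCH:
        fixed = FIXED_PATCH[line]
        # Assumption: a pre-release of the fixed patch version is not fixed.
        return patch > fixed or (patch == fixed and not prerelease)
    # Assumption: no fixed release is listed for lines older than 2.4.
    return False


def audit_requirements(text):
    """Return (line_number, version, has_fix) for each exact tensorflow pin."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        m = _PIN.match(line)
        if m:
            findings.append((number, m.group(1), has_fix(m.group(1))))
    return findings


# Constructed sample requirements file.
SAMPLE = "numpy==1.21.4\ntensorflow==2.5.1\n"

if __name__ == "__main__":
    for number, version, fixed in audit_requirements(SAMPLE):
        status = "has the fix" if fixed else "upgrade to a fixed release"
        print(f"line {number}: tensorflow {version}: {status}")
```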