Safety vulnerability ID: 42469
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41222: In affected versions, the implementation of 'SplitV' can trigger a segfault if an attacker supplies negative arguments. This occurs whenever 'size_splits' contains more than one value and at least one value is negative. The fix is included in TensorFlow 2.7.0.
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cpf4-wx82-gxp6
https://github.com/tensorflow/tensorflow/commit/25d622ffc432acc736b14ca3904177579e733cc6
Latest version: 2.16.1
TensorFlow is an open source machine learning framework for everyone.
TensorFlow is an open source platform for machine learning. In affected versions the implementation of `SplitV` can trigger a segfault is an attacker supplies negative arguments. This occurs whenever `size_splits` contains more than one value and at least one value is negative. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. See CVE-2021-41222.
CONFIRM:https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cpf4-wx82-gxp6: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cpf4-wx82-gxp6
MISC:https://github.com/tensorflow/tensorflow/commit/25d622ffc432acc736b14ca3904177579e733cc6: https://github.com/tensorflow/tensorflow/commit/25d622ffc432acc736b14ca3904177579e733cc6
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application