Safety vulnerability ID: 42473
The information on this page was manually curated by our Cybersecurity Intelligence Team.
TensorFlow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41226: In affected versions, the implementation of 'SparseBinCount' is vulnerable to a heap OOB access. This is because of missing validation between the elements of the 'values' argument and the shape of the sparse output. The fix is also included in TensorFlow 2.7.0.
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-374m-jm66-3vj8
https://github.com/tensorflow/tensorflow/commit/f410212e373eb2aec4c9e60bf3702eba99a38aba
Latest version: 2.17.0
TensorFlow is an open source machine learning framework for everyone.
TensorFlow is an open source platform for machine learning. In affected versions the implementation of `SparseBinCount` is vulnerable to a heap OOB access. This is because of missing validation between the elements of the `values` argument and the shape of the sparse output. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. See CVE-2021-41226.
CONFIRM:https://github.com/tensorflow/tensorflow/security/advisories/GHSA-374m-jm66-3vj8: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-374m-jm66-3vj8
MISC:https://github.com/tensorflow/tensorflow/commit/f410212e373eb2aec4c9e60bf3702eba99a38aba: https://github.com/tensorflow/tensorflow/commit/f410212e373eb2aec4c9e60bf3702eba99a38aba
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application