Related Vulnerabilities: CVE-2021-37650  

Severity High

Remote No

Type Denial of service

Description

In TensorFlow before version 2.6.0, the implementation of tf.raw_ops.ExperimentalDatasetToTFRecord and tf.raw_ops.DatasetToTFRecord can trigger a heap buffer overflow and a segmentation fault. The implementation assumes that all records in the dataset are of string type but never checks this, and the example given in the upstream advisory uses numeric types.

Group: AVG-2292, Package: tensorflow, Affected: 2.5.0-6, Fixed: 2.5.1-1, Severity: Critical, Status: Fixed

https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f8h4-7rgh-q2gm
https://github.com/tensorflow/tensorflow/commit/e0b6e58c328059829c3eb968136f17aa72b6c876