CVE-2021-41202 – Overflow/crash in `tf.range`
https://notcve.org/view.php?id=CVE-2021-41202
TensorFlow is an open source platform for machine learning. In affected versions, while calculating the size of the output within the `tf.range` kernel, there is a conditional statement of type `int64 = condition ? int64 : double`. Due to C++ implicit conversion rules, both branches of the conditional are converted to `double` and the result is truncated before the assignment. This results in overflows. • https://github.com/tensorflow/tensorflow/commit/1b0e0ec27e7895b9985076eab32445026ae5ca94 https://github.com/tensorflow/tensorflow/commit/6d94002a09711d297dbba90390d5482b76113899 https://github.com/tensorflow/tensorflow/issues/46889 https://github.com/tensorflow/tensorflow/issues/46912 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xrqm-fpgr-6hhx • CWE-681: Incorrect Conversion between Numeric Types
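The conversion rule behind this CVE is easy to reproduce in isolation. The following is an added C++ example written for this page, not TensorFlow's `tf.range` kernel: `range_size_vulnerable` mirrors the `int64 = condition ? int64 : double` shape from the advisory, and `range_size_checked` is one way to keep the integer path in integer arithmetic and bounds-check the floating path before narrowing. The function names, the range-size formulas and the sample values are this example's own assumptions.

```cpp
#include <cmath>
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <type_traits>

// Illustrative model of the pattern named in the advisory (int64 = cond ? int64 : double).
// Added example; not TensorFlow's own range kernel. Computes how many elements
// range(start, limit, delta) produces, for an integral or a floating T.

// Vulnerable shape. The first branch is integer arithmetic, the second is a double
// from std::ceil, so the conditional operator's result type is double and the
// integer branch is converted to double before the assignment to int64_t.
// Integers above 2^53 lose their low bits on that round trip, and a double at or
// above 2^63 converted back to int64_t is undefined behaviour (the overflow the
// advisory describes). Callers must keep delta != 0.
template <typename T>
int64_t range_size_vulnerable(T start, T limit, T delta) {
  int64_t size =
      std::is_integral<T>::value
          ? (std::abs(limit - start) + std::abs(delta) - T(1)) / std::abs(delta)
          : std::ceil(std::abs((limit - start) / delta));
  return size;
}

// Hardened shape: keep the integer path in integer arithmetic, and bounds-check
// the floating path before narrowing. Returns false when the size is not
// representable as int64_t (or delta is 0) instead of silently truncating.
template <typename T>
bool range_size_checked(T start, T limit, T delta, int64_t* size) {
  if (delta == T(0)) return false;
  if (std::is_integral<T>::value) {
    const int64_t span = static_cast<int64_t>(std::abs(limit - start));
    const int64_t step = static_cast<int64_t>(std::abs(delta));
    *size = span == 0 ? 0 : (span - 1) / step + 1;  // ceil(span / step) without overflow
    return true;
  }
  const double n = std::ceil(std::abs(static_cast<double>((limit - start) / delta)));
  const double kInt64Limit = std::ldexp(1.0, 63);  // 2^63: first double outside int64_t
  if (!(n < kInt64Limit)) return false;            // also rejects NaN
  *size = static_cast<int64_t>(n);
  return true;
}

int main() {
  // 2^60 + 1 is not representable as a double (spacing near 2^60 is 256),
  // so the vulnerable path returns a different element count than requested.
  const int64_t big = (int64_t{1} << 60) + 1;
  int64_t checked = 0;
  range_size_checked<int64_t>(0, big, 1, &checked);
  std::printf("requested %lld  ternary %lld  checked %lld\n",
              static_cast<long long>(big),
              static_cast<long long>(range_size_vulnerable<int64_t>(0, big, 1)),
              static_cast<long long>(checked));
  // A float range of 1e19 elements exceeds int64_t; the checked path rejects it
  // rather than converting an out-of-range double.
  const bool ok = range_size_checked<double>(0.0, 1e19, 1.0, &checked);
  std::printf("1e19 elements representable: %s\n", ok ? "yes" : "no (rejected)");
  return 0;
}
```

Note that the vulnerable function is deliberately not called with the 1e19 input: converting that double to `int64_t` is undefined behaviour, which is exactly why the check has to happen on the `double` before the narrowing cast.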
CVE-2021-41209 – FPE in convolutions with zero size filters
https://notcve.org/view.php?id=CVE-2021-41209
TensorFlow is an open source platform for machine learning. In affected versions, the implementations of the convolution operators trigger a division by 0 if passed empty filter tensor arguments. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/commit/f2c3931113eaafe9ef558faaddd48e00a6606235 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6hpv-v2rx-c5g6 • CWE-369: Divide By Zero
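An empty filter is a tensor with at least one zero dimension, and a convolution kernel that derives the group count from the filter's channel dimension divides (or takes a modulus) by that zero. The following added C++ example, written for this page and not TensorFlow's conv kernel, shows the shape validation a 2-D convolution needs to do before any of that arithmetic: it rejects a zero-sized filter dimension up front and then computes groups and output spatial size. The layouts (NHWC input, HWIO filter), the function name and the error strings are this example's own assumptions.

```cpp
#include <cstdint>
#include <string>
#include <vector>

// Illustrative shape validation for a 2-D convolution; added example, not
// TensorFlow's kernel code. Layouts follow tf.nn.conv2d: input is NHWC,
// filter is HWIO (height, width, in_channels, out_channels).
struct ConvShape {
  bool ok = false;
  std::string error;  // populated when !ok
  int64_t out_h = 0, out_w = 0, out_depth = 0, groups = 0;
};

// same_padding=false selects VALID padding.
ConvShape conv2d_output_shape(const std::vector<int64_t>& input,
                              const std::vector<int64_t>& filter,
                              int64_t stride_h, int64_t stride_w,
                              bool same_padding) {
  ConvShape r;
  if (input.size() != 4 || filter.size() != 4) {
    r.error = "input and filter must be 4-D";
    return r;
  }
  if (stride_h <= 0 || stride_w <= 0) {
    r.error = "strides must be positive";
    return r;
  }
  // The advisory's failure mode: an empty filter tensor has some dimension equal
  // to 0, and a kernel that goes on to compute in_depth % patch_depth or
  // in_depth / patch_depth with patch_depth == 0 dies with SIGFPE on x86.
  // Reject any zero-sized filter dimension before the arithmetic below.
  for (int64_t d : filter) {
    if (d <= 0) {
      r.error = "filter must not be empty";
      return r;
    }
  }
  for (int64_t d : input) {
    if (d < 0) {
      r.error = "input dims must be non-negative";
      return r;
    }
  }
  const int64_t in_h = input[1], in_w = input[2], in_depth = input[3];
  const int64_t f_h = filter[0], f_w = filter[1], patch_depth = filter[2];
  // Grouped convolution: input channels split into in_depth / patch_depth groups.
  // patch_depth is known to be > 0 here, so the modulus and division are safe.
  if (in_depth % patch_depth != 0) {
    r.error = "input depth must be a multiple of filter depth";
    return r;
  }
  r.groups = in_depth / patch_depth;
  r.out_depth = filter[3];
  if (same_padding) {
    r.out_h = (in_h + stride_h - 1) / stride_h;  // ceil(in / stride)
    r.out_w = (in_w + stride_w - 1) / stride_w;
  } else {
    if (in_h < f_h || in_w < f_w) {
      r.error = "filter larger than input with VALID padding";
      return r;
    }
    r.out_h = (in_h - f_h) / stride_h + 1;
    r.out_w = (in_w - f_w) / stride_w + 1;
  }
  r.ok = true;
  return r;
}
```

The ordering is the whole point: every check on a divisor has to run before the first expression that uses it as one, since an integer division or modulus by zero is not an exception that can be caught after the fact but a hardware trap that takes the whole process down.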