CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 1CVE-2021-41224 – `SparseFillEmptyRows` heap OOB read
https://notcve.org/view.php?id=CVE-2021-41224
TensorFlow is an open source platform for machine learning. In affected versions the implementation of `SparseFillEmptyRows` can be made to trigger a heap OOB access. This occurs whenever the size of `indices` does not match the size of `values`. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/commit/67bfd9feeecfb3c61d80f0e46d89c170fbee682b https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rg3m-hqc5-344v • CWE-125: Out-of-bounds Read •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 1CVE-2021-41212 – Heap OOB read in `tf.ragged.cross`
https://notcve.org/view.php?id=CVE-2021-41212
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `tf.ragged.cross` can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. TensorFlow es una plataforma de código abierto para el aprendizaje automático. • https://github.com/tensorflow/tensorflow/commit/fa6b7782fbb14aa08d767bc799c531f5e1fb3bb8 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fr77-rrx3-cp7g • CWE-125: Out-of-bounds Read •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-41211 – Heap OOB read in shape inference for `QuantizeV2`
https://notcve.org/view.php?id=CVE-2021-41211
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `QuantizeV2` can trigger a read outside of bounds of heap allocated array. This occurs whenever `axis` is a negative value less than `-1`. In this case, we are accessing data before the start of a heap buffer. The code allows `axis` to be an optional argument (`s` would contain an `error::NOT_FOUND` error code). • https://github.com/tensorflow/tensorflow/commit/a0d64445116c43cf46a5666bd4eee28e7a82f244 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cvgx-3v3q-m36c • CWE-125: Out-of-bounds Read •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2021-41205 – Heap OOB read in all `tf.raw_ops.QuantizeAndDequantizeV*` ops
https://notcve.org/view.php?id=CVE-2021-41205
TensorFlow is an open source platform for machine learning. In affected versions the shape inference functions for the `QuantizeAndDequantizeV*` operations can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. TensorFlow es una plataforma de código abierto para el aprendizaje automático. • https://github.com/tensorflow/tensorflow/commit/7cf73a2274732c9d82af51c2bc2cf90d13cd7e6d https://github.com/tensorflow/tensorflow/security/advisories/GHSA-49rx-x2rw-pc6f • CWE-125: Out-of-bounds Read •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2021-41210 – Heap OOB read in `tf.raw_ops.SparseCountSparseOutput`
https://notcve.org/view.php?id=CVE-2021-41210
TensorFlow is an open source platform for machine learning. In affected versions the shape inference functions for `SparseCountSparseOutput` can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. TensorFlow es una plataforma de código abierto para el aprendizaje automático. • https://github.com/tensorflow/tensorflow/commit/701cfaca222a82afbeeb17496bd718baa65a67d2 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m342-ff57-4jcc • CWE-125: Out-of-bounds Read •