CVE-2021-41214
Reference binding to `nullptr` in `tf.ragged.cross`
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `tf.ragged.cross` has an undefined behavior due to binding a reference to `nullptr`. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.
TensorFlow es una plataforma de código abierto para el aprendizaje automático. En las versiones afectadas el código de inferencia de formas para "tf.ragged.cross" presenta un comportamiento indefinido debido a la vinculación de una referencia a "nullptr". La corrección será incluida en TensorFlow versión 2.7.0. También será incluida este commit en TensorFlow versión 2.6.1, TensorFlow versión 2.5.2, y TensorFlow versión 2.4.4, ya que estos también están afectados y todavía están en el rango admitido
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-09-15 CVE Reserved
- 2021-11-05 CVE Published
- 2023-05-29 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-824: Access of Uninitialized Pointer
CAPEC
References (2)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vwhq-49r4-gj9v | 2024-08-04 |
URL | Date | SRC |
---|---|---|
https://github.com/tensorflow/tensorflow/commit/fa6b7782fbb14aa08d767bc799c531f5e1fb3bb8 | 2021-11-09 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Google Search vendor "Google" | Tensorflow Search vendor "Google" for product "Tensorflow" | < 2.4.4 Search vendor "Google" for product "Tensorflow" and version " < 2.4.4" | - |
Affected
| ||||||
Google Search vendor "Google" | Tensorflow Search vendor "Google" for product "Tensorflow" | >= 2.5.0 < 2.5.2 Search vendor "Google" for product "Tensorflow" and version " >= 2.5.0 < 2.5.2" | - |
Affected
| ||||||
Google Search vendor "Google" | Tensorflow Search vendor "Google" for product "Tensorflow" | 2.6.0 Search vendor "Google" for product "Tensorflow" and version "2.6.0" | - |
Affected
|