5.5
CVE-2021-29618
- EPSS 0.23%
- Veröffentlicht 14.05.2021 20:15:16
- Zuletzt bearbeitet 21.11.2024 06:01:30
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
Crash in `tf.transpose` with complex inputs
TensorFlow is an end-to-end open source platform for machine learning. Passing a complex argument to `tf.transpose` at the same time as passing `conjugate=True` argument results in a crash. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Google ≫ Tensorflow Version < 2.1.4
Google ≫ Tensorflow Version >= 2.2.0 < 2.2.3
Google ≫ Tensorflow Version >= 2.3.0 < 2.3.3
Google ≫ Tensorflow Version >= 2.4.0 < 2.4.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.23% | 0.135 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 2.1 | 3.9 | 2.9 |
AV:L/AC:L/Au:N/C:N/I:N/A:P
|
| security-advisories@github.com | 2.5 | 1 | 1.4 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
|
CWE-755 Improper Handling of Exceptional Conditions
The product does not handle or incorrectly handles an exceptional condition.
https://github.com/tensorflow/issues/42105
https://github.com/tensorflow/issues/46973
https://github.com/tensorflow/tensorflow/commit/1dc6a7ce6e0b3e27a7ae650bfc05b195ca793f88
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xqfj-cr6q-pc8w