← Back to CVEs
CVE-2021-41196
MEDIUM5.5
Description
TensorFlow is an open source platform for machine learning. In affected versions the Keras pooling layers can trigger a segfault if the size of the pool is 0 or if a dimension is negative. This is due to the TensorFlow's implementation of pooling operations where the values in the sliding window are not checked to be strictly positive. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.
CVE Details
CVSS v3.1 Score5.5
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack VectorLOCAL
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published11/5/2021
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
google:tensorflow
Weaknesses (CWE)
CWE-191CWE-191
References
https://github.com/tensorflow/tensorflow/commit/12b1ff82b3f26ff8de17e58703231d5a02ef1b8b(security-advisories@github.com)
https://github.com/tensorflow/tensorflow/issues/51936(security-advisories@github.com)
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m539-j985-hcr8(security-advisories@github.com)
https://github.com/tensorflow/tensorflow/commit/12b1ff82b3f26ff8de17e58703231d5a02ef1b8b(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/tensorflow/tensorflow/issues/51936(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m539-j985-hcr8(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.