BIT-tensorflow-2021-29613
See a problem?- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/tensorflow/BIT-tensorflow-2021-29613.json
- JSON Data
- https://api.osv.dev/v1/vulns/BIT-tensorflow-2021-29613
- Aliases
- Published
- 2024-03-06T11:18:03.193Z
- Modified
- 2024-11-27T19:40:48.342Z
- Summary
- [none]
- Details
-
TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in
tf.raw_ops.CTCLossallows an attacker to trigger an OOB read from heap. The fix will be included in TensorFlow 2.5.0. We will also cherrypick these commits on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range. - Database specific
{ "cpes": [ "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*" ], "severity": "Medium" }- References
Affected packages
Bitnami / tensorflow
Package
- Name
- tensorflow
- Purl
- pkg:bitnami/tensorflow
Severity
- 6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H CVSS Calculator