BIT-tensorflow-2021-41202
See a problem?- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/tensorflow/BIT-tensorflow-2021-41202.json
- JSON Data
- https://api.osv.dev/v1/vulns/BIT-tensorflow-2021-41202
- Aliases
- Published
- 2024-03-06T11:16:29.270Z
- Modified
- 2024-03-06T11:25:28.861Z
- Summary
- [none]
- Details
-
TensorFlow is an open source platform for machine learning. In affected versions while calculating the size of the output within the
tf.rangekernel, there is a conditional statement of typeint64 = condition ? int64 : double. Due to C++ implicit conversion rules, both branches of the condition will be cast todoubleand the result would be truncated before the assignment. This result in overflows. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. - References
-
- https://github.com/tensorflow/tensorflow/commit/1b0e0ec27e7895b9985076eab32445026ae5ca94
- https://github.com/tensorflow/tensorflow/commit/6d94002a09711d297dbba90390d5482b76113899
- https://github.com/tensorflow/tensorflow/issues/46889
- https://github.com/tensorflow/tensorflow/issues/46912
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xrqm-fpgr-6hhx
Affected packages
Bitnami / tensorflow
Package
- Name
- tensorflow
- Purl
- pkg:bitnami/tensorflow
Severity
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator