CVE-2021-29563
- Source
- https://cve.org/CVERecord?id=CVE-2021-29563
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-29563.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-29563
- Aliases
- Related
- Published
- 2021-05-14T20:15:13.513Z
- Modified
- 2026-04-02T06:49:58.639737Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service by exploiting a
CHECK-failure coming from the implementation oftf.raw_ops.RFFT. Eigen code operating on an empty matrix can trigger on an assertion and will cause program termination. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range. - References
Affected packages
Git / github.com/tensorflow/tensorflow
Affected ranges
- Type
- GIT
- Repo
- https://github.com/tensorflow/tensorflow
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedIntroducedFixedIntroducedFixedIntroducedFixedFixed
- Database specific
{ "versions": [ { "introduced": "0" }, { "fixed": "2.1.4" }, { "introduced": "2.2.0" }, { "fixed": "2.2.3" }, { "introduced": "2.3.0" }, { "fixed": "2.3.3" }, { "introduced": "2.4.0" }, { "fixed": "2.4.2" } ] }
Affected versions
0.*
0.12.0-rc0
0.12.0-rc1
0.12.1
0.5.0
0.6.0
tflite-v0.*
tflite-v0.1.7
v0.*
v0.10.0
v0.10.0rc0
v0.11.0
v0.11.0rc0
v0.11.0rc1
v0.11.0rc2
v0.12.0
v0.6.0
v0.7.0
v0.7.1
v0.8.0
v0.8.0rc0
v0.9.0
v0.9.0rc0
v1.*
v1.0.0
v1.0.0-alpha
v1.0.0-rc0
v1.0.0-rc1
v1.0.0-rc2
v1.0.1
v1.1.0
v1.1.0-rc0
v1.1.0-rc1
v1.1.0-rc2
v1.10.0
v1.10.0-rc0
v1.10.0-rc1
v1.10.1
v1.11.0
v1.11.0-rc0
v1.11.0-rc1
v1.11.0-rc2
v1.12.0
v1.12.0-rc0
v1.12.0-rc1
v1.12.0-rc2
v1.12.1
v1.12.2
v1.12.3
v1.13.0-rc0
v1.13.0-rc1
v1.13.0-rc2
v1.13.1
v1.13.2
v1.14.0
v1.14.0-rc0
v1.14.0-rc1
v1.15.0
v1.15.0-rc0
v1.15.0-rc1
v1.15.0-rc2
v1.15.0-rc3
v1.15.2
v1.15.3
v1.15.4
v1.15.5
v1.2.0
v1.2.0-rc0
v1.2.0-rc1
v1.2.0-rc2
v1.2.1
v1.3.0
v1.3.0-rc0
v1.3.0-rc1
v1.3.0-rc2
v1.3.1
v1.4.0
v1.4.0-rc0
v1.4.0-rc1
v1.4.1
v1.5.0
v1.5.0-rc0
v1.5.0-rc1
v1.5.1
v1.6.0
v1.6.0-rc0
v1.6.0-rc1
v1.7.0
v1.7.0-rc0
v1.7.0-rc1
v1.7.1
v1.8.0
v1.8.0-rc0
v1.8.0-rc1
v1.9.0
v1.9.0-rc0
v1.9.0-rc1
v1.9.0-rc2
v2.*
v2.0.0
v2.0.0-alpha0
v2.0.0-beta0
v2.0.0-beta1
v2.0.0-rc0
v2.0.0-rc1
v2.0.0-rc2
v2.0.1
v2.0.2
v2.0.3
v2.0.4
v2.1.0
v2.1.0-rc0
v2.1.0-rc1
v2.1.0-rc2
v2.1.1
v2.1.2
v2.1.3
v2.2.0
v2.2.0-rc0
v2.2.0-rc1
v2.2.0-rc2
v2.2.0-rc3
v2.2.0-rc4
v2.2.1
v2.2.2
v2.3.0
v2.3.0-rc0
v2.3.0-rc1
v2.3.0-rc2
v2.3.1
v2.3.2
v2.4.0
v2.4.0-rc0
v2.4.0-rc1
v2.4.0-rc2
v2.4.0-rc3
v2.4.0-rc4
v2.4.1
v2.5.0
v2.5.0-rc0
v2.5.0-rc1
v2.5.0-rc2
v2.5.0-rc3
v2.5.1
v2.5.2
v2.5.3
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-29563.json"
vanir_signatures
[
{
"target": {
"file": "tensorflow/core/kernels/fft_ops.cc"
},
"digest": {
"line_hashes": [
"257959825207379475060310603191970168542",
"229473995359926218969217089394845656458",
"218691691843980402704783883919665046136",
"168456843596851301372464492558602634656"
],
"threshold": 0.9
},
"signature_type": "Line",
"deprecated": false,
"source": "https://github.com/tensorflow/tensorflow/commit/31bd5026304677faa8a0b77602c6154171b9aec1",
"signature_version": "v1",
"id": "CVE-2021-29563-01799b1e"
}
]