CVE-2021-39158

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-39158
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-39158.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-39158
Related
  • GHSA-fmpp-8pwg-vwh9
Published
2021-08-23T21:15:09.643Z
Modified
2026-04-10T04:38:26.675578Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

NVCaffe's python required dependencies list used to contain gfortranversion prior to 0.17.4, entry which does not exist in the repository pypi.org. An attacker could potentially have posted malicious files to pypi.org causing a user to install it within NVCaffe.

References

Affected packages

Git / github.com/nvidia/caffe

Affected ranges

Type
GIT
Repo
https://github.com/nvidia/caffe
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
21fae6992de15a5dea6e04044b8188360c09a2b8
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.17.4"
        }
    ]
}

Affected versions

v0.*
v0.14-alpha
v0.15.10
v0.15.11
v0.15.12
v0.15.13
v0.15.14
v0.15.2
v0.15.3
v0.15.4
v0.15.5
v0.15.6
v0.15.7
v0.15.8
v0.15.9
v0.16.2
v0.16.3
v0.16.4
v0.16.5
v0.16.6
v0.17.0
v0.17.1
v0.17.2
v0.17.3

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-39158.json"