PYSEC-2021-397

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/tensorflow/PYSEC-2021-397.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2021-397

Aliases

Published

2021-11-05T21:15:00Z

Modified

2023-12-06T01:01:33.986994Z

Summary

[none]

Details

TensorFlow is an open source platform for machine learning. In affected versions during TensorFlow's Grappler optimizer phase, constant folding might attempt to deep copy a resource tensor. This results in a segfault, as these tensors are supposed to not change. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.

References

Affected packages

PyPI / tensorflow

Package

Name: tensorflow; View open source insights on deps.dev
Purl: pkg:pypi/tensorflow

Affected ranges

Type: GIT
Repo: https://github.com/tensorflow/tensorflow
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

7731e8dfbe4a56773be5dc94d631611211156659

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.4

Introduced

2.5.0

Fixed

2.5.2

Introduced

2.6.0

Fixed

2.6.1

Introduced

2.7.0rc0

Fixed

2.7.0

Affected versions

0.*

0.12.0

0.12.1

1.*

1.0.0

1.0.1

1.1.0

1.2.0

1.2.1

1.3.0

1.4.0

1.4.1

1.5.0

1.5.1

1.6.0

1.7.0

1.7.1

1.8.0

1.9.0

1.10.0

1.10.1

1.11.0

1.12.0

1.12.2

1.12.3

1.13.1

1.13.2

1.14.0

1.15.0

1.15.2

1.15.3

1.15.4

1.15.5

2.*

2.0.0

2.0.1

2.0.2

2.0.3

2.0.4

2.1.0

2.1.1

2.1.2

2.1.3

2.1.4

2.2.0rc0

2.2.0rc1

2.2.0rc2

2.2.0rc3

2.2.0rc4

2.2.0

2.2.1

2.2.2

2.2.3

2.3.0rc0

2.3.0rc1

2.3.0rc2

2.3.0

2.3.1

2.3.2

2.3.3

2.3.4

2.4.0rc0

2.4.0rc1

2.4.0rc2

2.4.0rc3

2.4.0rc4

2.4.0

2.4.1

2.4.2

2.4.3

2.5.0

2.5.1

2.6.0

2.7.0rc0

2.7.0rc1