Home > Vulnerability Database > CVE-2021-29613

Mend.io Vulnerability Database

CVE-2021-29613

Good to know:

Date: May 14, 2021

TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in `tf.raw_ops.CTCLoss` allows an attacker to trigger an OOB read from heap. The fix will be included in TensorFlow 2.5.0. We will also cherrypick these commits on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.

Language: Python

Severity Score

7.1

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-29613

Url: https://github.com/tensorflow/tensorflow/commit/14607c0707040d775e06b6817325640cb4b5864c

Url: https://github.com/tensorflow/tensorflow/commit/4504a081af71514bb1828048363e6540f797005b

Url: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vvg4-vgrv-xfr7

Url: https://www.mend.io/vulnerability-database/CVE-2021-29613

Severity Score

7.1

Weakness Type (CWE)

Improper Initialization

CWE-665

Out-of-bounds Read

CWE-125

Top Fix

Upgrade Version

Upgrade to version tensorflow - 2.5.0, tensorflow-cpu - 2.5.0, tensorflow-gpu - 2.5.0

Learn More

CVSS v3.1

Base Score:	7.1
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	3.6
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-29613

Good to know:

Date: May 14, 2021

Language: Python

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?