CVE-2021-29610
Severity CVSS v4.0:
Pending analysis
Type:
CWE-787
Out-of-bounds Write
Publication date:
14/05/2021
Last modified:
25/10/2022
Description
TensorFlow is an end-to-end open source platform for machine learning. The validation in `tf.raw_ops.QuantizeAndDequantizeV2` allows invalid values for `axis` argument:. The validation(https://github.com/tensorflow/tensorflow/blob/eccb7ec454e6617738554a255d77f08e60ee0808/tensorflow/core/kernels/quantize_and_dequantize_op.cc#L74-L77) uses `||` to mix two different conditions. If `axis_
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH
Base Score 2.0
4.60
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:* | 2.1.4 (excluding) | |
cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:* | 2.2.0 (including) | 2.2.3 (excluding) |
cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:* | 2.3.0 (including) | 2.3.3 (excluding) |
cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:* | 2.4.0 (including) | 2.4.2 (excluding) |
To consult the complete list of CPE names with products and versions, see this page