VDB
CVE-2021-41203
PUBLISHED
TensorFlow is an open source platform for machine learning. In affected versions an attacker who can modify saved checkpoints from outside of TensorFlow can trigger undefined behavior, integer overflows, segfaults and `CHECK`-fail crashes, because the checkpoint-loading infrastructure is missing validation for invalid file formats. The fixes will be included in TensorFlow 2.7.0. These commits will also be cherry-picked onto TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.
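The bug class here is a reader that trusts per-tensor metadata (shape, dtype, offset, length) from a file the attacker controls. The example below is added to this entry; it is not TensorFlow's loader and does not reproduce its checkpoint format. It uses a constructed entry layout and a constructed 24-byte data shard to show the checks an untrusted entry must pass before any allocation or read happens, beside an unchecked reader that behaves the way the advisory describes: in Python the unchecked path silently returns a short buffer, in a native reader the same trust becomes an overflow, a segfault or a `CHECK` failure.

```python
"""Validate checkpoint index entries before any allocation or read.

Added illustration, not TensorFlow's own loader. The entry layout used here
(dtype, shape, byte offset and byte length into a data shard) is a constructed
stand-in for the per-tensor metadata a checkpoint index carries; the checks are
the ones an attacker-controlled file has to pass before a reader trusts them.
"""
import struct

INT64_MAX = 2**63 - 1
# Element width per dtype; a real loader would take this from its dtype table.
DTYPE_SIZE = {"float32": 4, "float64": 8, "int32": 4, "int64": 8, "uint8": 1}


class CheckpointFormatError(ValueError):
    """Any inconsistency in attacker-controllable metadata."""


def num_elements(shape):
    """Product of the dims, rejecting negative dims and int64 overflow.

    The unchecked product is where the integer-overflow bug class starts:
    a wrapped count leads to an undersized buffer that is then overrun.
    """
    n = 1
    for d in shape:
        if d < 0:
            raise CheckpointFormatError(f"negative dimension {d}")
        n *= d
        if n > INT64_MAX:
            raise CheckpointFormatError("element count overflows int64")
    return n


def validate_entry(entry, data_len):
    """Return the byte length the entry must occupy, or raise."""
    dtype = entry.get("dtype")
    if dtype not in DTYPE_SIZE:
        raise CheckpointFormatError(f"unknown dtype {dtype!r}")
    expected = num_elements(entry["shape"]) * DTYPE_SIZE[dtype]
    if expected > INT64_MAX:
        raise CheckpointFormatError("byte length overflows int64")
    offset, size = entry["offset"], entry["size"]
    if offset < 0 or size < 0:
        raise CheckpointFormatError("negative offset or size")
    if size != expected:
        raise CheckpointFormatError(
            f"size {size} does not match shape/dtype ({expected} bytes)")
    if offset + size > data_len:  # both operands already bounded, so no wrap
        raise CheckpointFormatError("entry extends past end of data shard")
    return expected


def read_tensor_unchecked(entry, data):
    """The 'before' behaviour: trust the metadata as written in the file."""
    return data[entry["offset"]:entry["offset"] + entry["size"]]


def read_tensor(entry, data):
    """Hardened reader: every metadata field is checked before the read."""
    validate_entry(entry, len(data))
    return data[entry["offset"]:entry["offset"] + entry["size"]]


def is_rejected(entry, data):
    """True if the hardened reader refuses the entry."""
    try:
        read_tensor(entry, data)
    except CheckpointFormatError:
        return True
    return False


# Constructed data shard: six float32 values, 24 bytes.
SHARD = struct.pack("<6f", 1.0, 2.0, 3.0, 4.0, 5.0, 6.0)

GOOD = {"dtype": "float32", "shape": [2, 3], "offset": 0, "size": 24}
# Constructed malformed entries, one per check.
BAD_NEG_DIM = {"dtype": "float32", "shape": [-1, 3], "offset": 0, "size": 24}
BAD_OVERFLOW = {"dtype": "float32", "shape": [2**40, 2**40], "offset": 0, "size": 24}
BAD_SIZE = {"dtype": "float32", "shape": [2, 3], "offset": 0, "size": 20}
BAD_RANGE = {"dtype": "float32", "shape": [2, 3], "offset": 8, "size": 24}

if __name__ == "__main__":
    print(struct.unpack("<6f", read_tensor(GOOD, SHARD)))
    for name, bad in [("neg dim", BAD_NEG_DIM), ("overflow", BAD_OVERFLOW),
                      ("size", BAD_SIZE), ("range", BAD_RANGE)]:
        print(name, "unchecked bytes:", len(read_tensor_unchecked(bad, SHARD)),
              "hardened rejects:", is_rejected(bad, SHARD))
```

The order of the checks matters: dims and the element count are validated before the element count is multiplied by the dtype width, and offset and size are validated before they are added, so no later check ever operates on a value that has already wrapped. Whatever the loader, a checkpoint produced outside the process is input in the same sense as any other deserialized file and deserves the same treatment.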
Risk Scores
EPSS Score: 0.02% (5.3rd percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | tensorflow | 0, 2.5.0, 2.6.0 |
Timeline
- Nov 5, 2021: CVE published
- Nov 6, 2021: EPSS score updated
- Nov 10, 2021: EPSS score updated
- Jan 1, 2022: EPSS score updated
- Feb 4, 2022: EPSS score updated
- Feb 25, 2022: EPSS score updated
- Apr 1, 2022: EPSS score updated
- Apr 22, 2022: EPSS score updated
- Jun 16, 2022: EPSS score updated
- Aug 12, 2022: EPSS score updated
- Dec 1, 2022: EPSS score updated
- Jan 26, 2023: EPSS score updated
References
- https://github.com/tensorflow/tensorflow/commit/368af875869a204b4ac552b9ddda59f6a46a56ec
- https://github.com/tensorflow/tensorflow/commit/abcced051cb1bd8fb05046ac3b6023a7ebcc4578
- https://github.com/tensorflow/tensorflow/commit/b619c6f865715ca3b15ef1842b5b95edbaa710ad
- https://github.com/tensorflow/tensorflow/commit/e8dc63704c88007ee4713076605c90188d66f3d2
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7pxj-m4jf-r6h2
- https://nvd.nist.gov/vuln/detail/CVE-2021-41203