CVE-2021-29540: Out-of-bounds Write
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in Conv2DBackpropFilter. The implementation computes the size of the filter tensor from the convolution dimensions but does not validate that this computed size matches the number of elements in filter_sizes, the input from which the output buffer is allocated. Later, when reading from and writing to that buffer, the code uses the computed value rather than the tensor's actual element count, so a filter_sizes input that disagrees with the computed size drives reads and writes past the end of the heap allocation. The missing check is a comparison of the computed element count against the allocated tensor's element count before any access to the buffer.
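The pattern behind this bug, shown as an added example that is not TensorFlow's code: a kernel computes how many filter elements it will write from the convolution dimensions, but the output buffer was sized from a separate, caller-controlled filter_sizes input. The unchecked variant trusts the computed count; the hardened variant rejects the request when the two disagree, which is the kind of check the fix adds. All names (BackpropDims, fill_backprop_unchecked, fill_backprop_checked, allocate_from_filter_sizes) and the shapes are constructed for illustration; out-of-bounds writes are counted rather than performed so the demo cannot corrupt its own heap.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <stdexcept>
#include <vector>

// Constructed stand-in for the dimensions a backprop-filter kernel derives
// from its inputs. filter_rows/filter_cols and out_depth are read from the
// filter_sizes input; in_depth is read from the input activations tensor.
// A caller who controls filter_sizes can make these disagree.
struct BackpropDims {
    size_t filter_rows;
    size_t filter_cols;
    size_t in_depth;   // from the input tensor
    size_t out_depth;  // from filter_sizes
};

// Allocate the output buffer the way the kernel does: from filter_sizes,
// a 1-D tensor of four entries [rows, cols, in_depth, out_depth].
// Rejects malformed shape tensors instead of reading past their storage.
inline std::vector<float> allocate_from_filter_sizes(const std::vector<int32_t>& filter_sizes) {
    if (filter_sizes.size() != 4) {
        throw std::invalid_argument("filter_sizes must have exactly 4 elements");
    }
    size_t n = 1;
    for (int32_t v : filter_sizes) {
        if (v < 0) throw std::invalid_argument("filter_sizes entries must be non-negative");
        n *= static_cast<size_t>(v);
    }
    return std::vector<float>(n, 0.0f);
}

// The element count the kernel *computes* it will write, derived from dims
// rather than from the buffer it was handed.
inline size_t computed_filter_elements(const BackpropDims& d) {
    return d.filter_rows * d.filter_cols * d.in_depth * d.out_depth;
}

// Vulnerable pattern: loops to the computed count and ignores the real size
// of filter_backprop. Returns how many writes would land outside the buffer
// (simulated here; the real kernel would write them, corrupting the heap).
inline size_t fill_backprop_unchecked(const BackpropDims& d,
                                      std::vector<float>& filter_backprop) {
    const size_t n = computed_filter_elements(d);
    size_t oob = 0;
    for (size_t i = 0; i < n; ++i) {
        if (i < filter_backprop.size()) filter_backprop[i] = 1.0f;
        else ++oob;  // out-of-bounds write in the unpatched code
    }
    return oob;
}

// Hardened pattern: compare the computed count with the tensor's actual
// element count before touching the buffer, and fail the op on mismatch.
inline void fill_backprop_checked(const BackpropDims& d,
                                  std::vector<float>& filter_backprop) {
    const size_t n = computed_filter_elements(d);
    if (n != filter_backprop.size()) {
        throw std::invalid_argument("computed filter size does not match filter_sizes");
    }
    for (size_t i = 0; i < n; ++i) filter_backprop[i] = 1.0f;
}

// Convenience wrapper so a caller can ask whether the hardened path rejects
// a given dims/filter_sizes combination. Returns true if it was rejected.
inline bool checked_rejects(const BackpropDims& d, const std::vector<int32_t>& filter_sizes) {
    try {
        std::vector<float> buf = allocate_from_filter_sizes(filter_sizes);
        fill_backprop_checked(d, buf);
        return false;
    } catch (const std::invalid_argument&) {
        return true;
    }
}

int main() {
    // Constructed mismatch: filter_sizes claims in_depth 1 (18 elements
    // allocated), but the input tensor has depth 4, so the kernel computes
    // 3*3*4*2 = 72 elements and the unchecked loop overruns by 54.
    std::vector<int32_t> filter_sizes = {3, 3, 1, 2};
    BackpropDims dims{3, 3, 4, 2};
    std::vector<float> buf = allocate_from_filter_sizes(filter_sizes);
    std::printf("allocated=%zu computed=%zu oob_writes=%zu rejected=%d\n",
                buf.size(), computed_filter_elements(dims),
                fill_backprop_unchecked(dims, buf), checked_rejects(dims, filter_sizes) ? 1 : 0);
    return 0;
}
```

The check in fill_backprop_checked is deliberately on element counts rather than on individual dimensions: it is cheap, it does not depend on which of the inputs is "right", and it guards the one property the write loop actually relies on.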