CVE-2021-29574: NULL Pointer Dereference
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.raw_ops.MaxPool3DGradGrad exhibits undefined behavior by dereferencing null pointers backing attacker-supplied empty tensors. The implementation fails to validate that the 3 tensor inputs are not empty. If any of them is empty, then accessing the elements in the tensor results in dereferencing a null pointer.
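The missing check, sketched as an added example that is not TensorFlow's code or its patch: every input is rejected if it has zero elements before any element is read. Tensor, ValidateInputs and GuardedRead are hypothetical stand-ins, the shapes are constructed, and the three input names follow the op's public signature.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>
#include <utility>
#include <vector>

// Simplified stand-in for a tensor (hypothetical, not TensorFlow's class).
// As in the advisory, an empty tensor has no backing buffer: data() is null.
struct Tensor {
    std::vector<std::int64_t> shape;
    std::vector<float> buf;
    explicit Tensor(std::vector<std::int64_t> s) : shape(std::move(s)) {
        buf.assign(num_elements(), 1.0f);
    }
    std::size_t num_elements() const {
        std::size_t n = 1;
        for (std::int64_t d : shape) n *= d > 0 ? static_cast<std::size_t>(d) : 0;
        return n;
    }
    const float* data() const { return buf.empty() ? nullptr : buf.data(); }
};

// Returns "" when all three inputs are safe to read, else names the first empty one.
std::string ValidateInputs(const Tensor& orig_input, const Tensor& orig_output,
                           const Tensor& grad) {
    const std::pair<const char*, const Tensor*> inputs[] = {
        {"orig_input", &orig_input}, {"orig_output", &orig_output}, {"grad", &grad}};
    for (const auto& in : inputs)
        if (in.second->num_elements() == 0)
            return std::string("empty tensor: ") + in.first;
    return "";
}

// Stand-in for the kernel body: reads element 0 of each input only after validation.
bool GuardedRead(const Tensor& a, const Tensor& b, const Tensor& c,
                 float* out, std::string* err) {
    *err = ValidateInputs(a, b, c);
    if (!err->empty()) return false;  // reject instead of dereferencing null
    *out = a.data()[0] + b.data()[0] + c.data()[0];
    return true;
}

int main() {
    Tensor full({1, 2, 2, 2, 1}), empty({1, 0, 2, 2, 1});  // constructed shapes
    float sum = 0; std::string err;
    bool ok = GuardedRead(full, empty, full, &sum, &err);
    return std::printf("ok=%d err=%s\n", ok, err.c_str()) < 0;
}
```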