CVE-2021-29582: Out-of-bounds Read
TensorFlow is an end-to-end open source platform for machine learning. Due to a lack of validation in tf.raw_ops.Dequantize, an attacker can trigger a read from outside the bounds of heap-allocated data. The implementation accesses the min_range and max_range tensors in parallel but fails to check that they have the same shape.
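The missing check, shown on a simplified pure-Python model of per-slice dequantization. This is an added example, not TensorFlow's kernel code: check_ranges, dequantize_rows and the sample data are hypothetical, and the rule that a set axis needs one (min, max) pair per slice is an assumption of the model.

```python
"""Simplified model of the shape check missing before min_range and max_range
are read in parallel. Added example, not TensorFlow code; it uses plain tuples
and lists so it runs without TensorFlow installed."""
from math import prod


def check_ranges(input_shape, min_shape, max_shape, axis=-1):
    """Return the number of (min, max) pairs, or raise ValueError."""
    min_shape, max_shape = tuple(min_shape), tuple(max_shape)
    # The check the advisory says is missing: both tensors share one shape.
    if min_shape != max_shape:
        raise ValueError(
            f"min_range {min_shape} and max_range {max_shape} differ in shape")
    if axis != -1 and not 0 <= axis < len(input_shape):
        raise ValueError(f"axis {axis} out of range for input {tuple(input_shape)}")
    # Assumption of this model: one pair per slice along `axis`,
    # or a single pair for the whole tensor when axis is -1.
    expected = 1 if axis == -1 else input_shape[axis]
    if prod(min_shape) != expected:
        raise ValueError(
            f"expected {expected} range value(s), got {prod(min_shape)}")
    return expected


def dequantize_rows(rows, min_range, max_range):
    """rows[i] holds the uint8 codes of slice i; ranges are given per slice."""
    n = check_ranges((len(rows),), (len(min_range),), (len(max_range),), axis=0)
    out = []
    for i in range(n):
        # Parallel access to both range lists. In native code, a shorter
        # max_range would make this index read past the end of its buffer.
        lo, hi = min_range[i], max_range[i]
        out.append([lo + code * (hi - lo) / 255.0 for code in rows[i]])
    return out


# Constructed sample input: two slices of uint8 codes.
ROWS = [[0, 255], [0, 51]]

if __name__ == "__main__":
    print(dequantize_rows(ROWS, [0.0, -1.0], [1.0, 4.0]))
    try:
        dequantize_rows(ROWS, [0.0, -1.0], [1.0])  # max_range is one short
    except ValueError as err:
        print("rejected:", err)
```

The same shape comparison can be run on the shapes of untrusted min_range and max_range inputs before they are passed to the op.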