CVE-2021-29615: Stack overflow in `ParseAttrValue` with nested tensors
(updated )
The implementation of ParseAttrValue can be tricked into stack overflow due to recursion by giving in a specially crafted input.
References
- github.com/advisories/GHSA-qw5h-7f53-xrp6
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-543.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-741.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-252.yaml
- github.com/tensorflow/tensorflow
- github.com/tensorflow/tensorflow/commit/e07e1c3d26492c06f078c7e5bf2d138043e199c1
- github.com/tensorflow/tensorflow/security/advisories/GHSA-qw5h-7f53-xrp6
- nvd.nist.gov/vuln/detail/CVE-2021-29615
Detect and mitigate CVE-2021-29615 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →