CVE-2021-37635: Out-of-bounds Read
(updated )
TensorFlow is an end-to-end open source platform for machine learning. The implementation of sparse reduction operations in TensorFlow can trigger accesses outside of bounds of heap allocated data. The implementation fails to validate that each reduction group does not overflow and that each corresponding index does not point to outside the bounds of the input tensor.
References
Detect and mitigate CVE-2021-37635 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →