CVE-2021-37644: Reachable Assertion
TensorFlow is an end-to-end open source platform for machine learning. Providing a negative element to the num_elements list argument of tf.raw_ops.TensorListReserve causes the runtime to abort the process due to reallocating a std::vector to have a negative number of elements. The implementation calls std::vector.resize() with the new size controlled by input given by the user, without checking that this input is valid.
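The unchecked resize described above, next to a validated form, as an added example (not TensorFlow's code or its patch). The function names, the status enum and the kMaxReserve cap are assumptions made for illustration; the upper bound goes beyond the negative-size case the advisory describes.

```cpp
// Added illustration, not TensorFlow source; all names are hypothetical.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <new>
#include <stdexcept>
#include <string>
#include <vector>

enum class ReserveStatus { kOk, kInvalidArgument, kWouldAbort };

// Assumed policy cap (not from the advisory): bounds large positive sizes too.
constexpr std::int32_t kMaxReserve = 1 << 20;

// The flaw: the caller-supplied count goes straight into resize(). A negative
// int32 converts to a size_t above max_size(), so resize() throws
// std::length_error; a runtime that does not catch it terminates the process.
// The exception is caught here only so the outcome can be reported.
ReserveStatus ReserveUnchecked(std::vector<int>& list, std::int32_t num_elements) {
  try {
    list.resize(static_cast<std::size_t>(num_elements));
  } catch (const std::length_error&) {
    return ReserveStatus::kWouldAbort;
  } catch (const std::bad_alloc&) {
    return ReserveStatus::kWouldAbort;
  }
  return ReserveStatus::kOk;
}

// Hardened form: validate the signed value before it is ever converted, and
// return an error to the caller instead of reaching resize().
ReserveStatus ReserveChecked(std::vector<int>& list, std::int32_t num_elements,
                             std::string* error) {
  if (num_elements < 0 || num_elements > kMaxReserve) {
    *error = "num_elements must be in [0, " + std::to_string(kMaxReserve) +
             "], got " + std::to_string(num_elements);
    return ReserveStatus::kInvalidArgument;
  }
  list.resize(static_cast<std::size_t>(num_elements));
  return ReserveStatus::kOk;
}

int main() {
  std::vector<int> list;
  std::string error;
  std::printf("unchecked(-1): %d\n", static_cast<int>(ReserveUnchecked(list, -1)));
  std::printf("checked(-1):   %d\n", static_cast<int>(ReserveChecked(list, -1, &error)));
  std::printf("error: %s\n", error.c_str());
  return 0;
}
```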