CVE-2021-41197: Integer Overflow or Wraparound
(updated )
TensorFlow is an open source platform for machine learning.However, the total number of elements in a tensor must fit within an int64_t
. If an overflow occurs, MultiplyWithoutOverflow
would return a negative result. In the majority of TensorFlow codebase this then results in a CHECK
-failure. Newer constructs exist which return a Status
instead of crashing the binary.
References
Detect and mitigate CVE-2021-41197 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →