CVE-2021-41201: Access of Uninitialized Pointer
TensorFlow is an open source platform for machine learning. In affected versions, during execution EinsumHelper::ParseEquation() is supposed to set the flags in the input_has_ellipsis vector and the *output_has_ellipsis boolean to indicate whether there is an ellipsis in the corresponding inputs and output. However, the code only ever changes these flags to true and never assigns false. This results in uninitialized variable access if callers assume that EinsumHelper::ParseEquation() always sets these flags.
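The defect class is easier to see side by side. The following is an added, constructed illustration and is not TensorFlow's EinsumHelper::ParseEquation(): a minimal einsum equation splitter with the same output contract (one flag per input operand plus one for the output), once with the buggy write-only-true pattern and once with every flag assigned on every call. The equation grammar ("in0,in1->out", ellipsis written as "..."), the function names and the stale-flag demonstration are all assumptions made here.

```cpp
#include <string>
#include <vector>

// Constructed illustration of the defect class in the advisory above; this is
// NOT TensorFlow's EinsumHelper::ParseEquation(), only a minimal parser with
// the same output contract: one flag per input operand plus one for the output.
// Assumed grammar: "in0,in1->out", an ellipsis is the literal "...".

static bool HasEllipsis(const std::string& term) {
  return term.find("...") != std::string::npos;
}

// Splits "a,b->c" into inputs {"a","b"} and output "c".
// Returns false if the equation has no "->".
static bool SplitEquation(const std::string& equation,
                          std::vector<std::string>* inputs,
                          std::string* output) {
  const std::string::size_type arrow = equation.find("->");
  if (arrow == std::string::npos) return false;
  *output = equation.substr(arrow + 2);
  const std::string lhs = equation.substr(0, arrow);
  inputs->clear();
  std::string::size_type start = 0;
  while (true) {
    const std::string::size_type comma = lhs.find(',', start);
    if (comma == std::string::npos) {
      inputs->push_back(lhs.substr(start));
      break;
    }
    inputs->push_back(lhs.substr(start, comma - start));
    start = comma + 1;
  }
  return true;
}

// Buggy pattern: flags are only ever set to true. Whatever the caller's
// storage held beforehand (stale data here; an uninitialized bool in the
// real bug) survives for every operand that has no ellipsis.
bool ParseEquationBuggy(const std::string& equation,
                        std::vector<bool>* input_has_ellipsis,
                        bool* output_has_ellipsis) {
  std::vector<std::string> inputs;
  std::string output;
  if (!SplitEquation(equation, &inputs, &output)) return false;
  if (input_has_ellipsis->size() < inputs.size()) {
    input_has_ellipsis->resize(inputs.size());  // only newly added slots become false
  }
  for (size_t i = 0; i < inputs.size(); ++i) {
    if (HasEllipsis(inputs[i])) (*input_has_ellipsis)[i] = true;
  }
  if (HasEllipsis(output)) *output_has_ellipsis = true;
  return true;
}

// Fixed pattern: every flag is written on every call, so the result never
// depends on what the caller's storage contained before the call.
bool ParseEquationFixed(const std::string& equation,
                        std::vector<bool>* input_has_ellipsis,
                        bool* output_has_ellipsis) {
  std::vector<std::string> inputs;
  std::string output;
  if (!SplitEquation(equation, &inputs, &output)) return false;
  input_has_ellipsis->assign(inputs.size(), false);  // size and initialize
  for (size_t i = 0; i < inputs.size(); ++i) {
    (*input_has_ellipsis)[i] = HasEllipsis(inputs[i]);
  }
  *output_has_ellipsis = HasEllipsis(output);
  return true;
}

// Demonstration: call a parser with storage that already holds stale "true"
// values (a deterministic stand-in for uninitialized memory) on an equation
// whose output has no ellipsis. Returns true if the stale output flag was
// wrongly left set, i.e. the caller would see a wrong answer.
bool StaleOutputFlagSurvives(bool use_fixed) {
  std::vector<bool> in_flags(2, true);     // stale: pretend leftovers from earlier use
  bool out_flag = true;                    // stale: same
  const std::string eq = "...ab,bc->ac";   // input 0 has an ellipsis; output does not
  const bool ok = use_fixed ? ParseEquationFixed(eq, &in_flags, &out_flag)
                            : ParseEquationBuggy(eq, &in_flags, &out_flag);
  return ok && out_flag;
}
```

The stale sentinel stands in for indeterminate memory so the demonstration is deterministic; reading a genuinely uninitialized bool would be undefined behaviour and might happen to look correct. Tools such as MemorySanitizer or Valgrind flag the real variant at the first conditional that reads the flag, which is the check to run against a parser that promises to fill in caller-provided output parameters.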