CVE-2021-41211: Out-of-bounds Read
TensorFlow is an open source platform for machine learning. The out-of-bounds read occurs whenever `axis` is a negative value less than `-1`. In this case, we are accessing data before the start of a heap buffer. The code allows `axis` to be an optional argument (`s` would contain an `error::NOT_FOUND` error code). Otherwise, it assumes that `axis` is a valid index into the dimensions of the `input` tensor. If `axis` is less than `-1` then this results in a heap OOB read.
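The unchecked lookup described above next to a validated one, as an added example (not TensorFlow's code or its actual patch). `AxisLookup`, `UncheckedAxisDim`, `CheckedAxisDim` and `kNoAxis` are hypothetical names, treating `-1` as the "no axis" default is an assumption, and the upper-bound check goes beyond the case the advisory names.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>

// Hypothetical result type for this example; it is not TensorFlow's Status.
struct AxisLookup {
    bool ok;            // false when the axis was rejected
    bool has_dim;       // false when no axis was requested
    int64_t dim;        // meaningful only when ok && has_dim
    std::string error;  // set when !ok
};

// Assumption: -1 is the "no axis" default used when the attribute is absent.
constexpr int kNoAxis = -1;

// Unchecked pattern from the advisory: an axis that was found is trusted as an index.
// axis_attr == nullptr models the NOT_FOUND case. Do not call with axis < -1.
AxisLookup UncheckedAxisDim(const std::vector<int64_t>& dims, const int* axis_attr) {
    const int axis = axis_attr ? *axis_attr : kNoAxis;
    if (axis == kNoAxis) return {true, false, 0, ""};
    return {true, true, dims.data()[axis], ""};  // axis < -1 reads before the buffer
}

// Hardened lookup: reject anything that is neither the sentinel nor a valid index.
AxisLookup CheckedAxisDim(const std::vector<int64_t>& dims, const int* axis_attr) {
    const int axis = axis_attr ? *axis_attr : kNoAxis;
    if (axis < kNoAxis)
        return {false, false, 0, "axis must be at least -1, got " + std::to_string(axis)};
    if (axis == kNoAxis) return {true, false, 0, ""};
    if (static_cast<std::size_t>(axis) >= dims.size())
        return {false, false, 0, "axis " + std::to_string(axis) + " out of range for rank " + std::to_string(dims.size())};
    return {true, true, dims[static_cast<std::size_t>(axis)], ""};
}

int main() {
    const std::vector<int64_t> dims{2, 3, 5};  // constructed input shape
    for (int axis : {-5, -2, -1, 1, 3}) {
        const AxisLookup r = CheckedAxisDim(dims, &axis);
        std::cout << "axis=" << axis << " -> "
                  << (r.ok ? (r.has_dim ? std::to_string(r.dim) : "no axis") : r.error) << "\n";
    }
    return 0;
}
```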