Vulnerabilities > CVE-2021-29619 - Improper Handling of Exceptional Conditions vulnerability in Google Tensorflow

047910
CVSS 5.5 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
local
low complexity
google
CWE-755

Summary

TensorFlow is an end-to-end open source platform for machine learning. Passing invalid arguments (e.g., discovered via fuzzing) to `tf.raw_ops.SparseCountSparseOutput` results in segfault. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.

Vulnerable Configurations

Part Description Count
Application
Google
385