NULL Pointer Dereference

CVE-2021-29513

High

7.8/10

Summary

TensorFlow is an end-to-end open source platform for machine learning. On versions before 2.1.4, 2.2.0 through 2.2.2, 2.3.0 through 2.3.2, 2.4.0 through 2.4.1, calling TF operations with tensors of non-numeric types when the operations expect numeric tensors result in null pointer dereferences. The conversion from Python array to C++ array(https://github.com/tensorflow/tensorflow/blob/ff70c47a396ef1e3cb73c90513da4f5cb71bebba/tensorflow/python/lib/core/ndarray_tensor.cc#L113-L169) is vulnerable to a type confusion.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-476 - NULL Pointer Dereference

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

References

Vulnerable component
Advisory

Advisory Timeline

Published May 14, 2021

NULL Pointer Dereference

CVE-2021-29513

Summary

CWE-476 - NULL Pointer Dereference

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS