Skip to main content

Incorrect Conversion between Numeric Types

CVE-2021-29539

Severity Medium
Score 5.5/10

Summary

TensorFlow is an end-to-end open source platform for machine learning. On versions before 2.1.4, 2.2.0 through 2.2.2, 2.3.0 through 2.3.2 and 2.4.0 through 2.4.1, calling `tf.raw_ops.ImmutableConst`(https://www.tensorflow.org/api_docs/python/tf/raw_ops/ImmutableConst) with a `dtype` of `tf.resource` or `tf.variant` results in a segfault in the implementation as code assumes that the tensor contents are pure scalars. If using `tf.raw_ops.ImmutableConst` in code, you can prevent the segfault by inserting a filter for the `dtype` argument.

  • LOW
  • LOCAL
  • NONE
  • UNCHANGED
  • NONE
  • LOW
  • NONE
  • HIGH

CWE-681 - Incorrect Conversion between Numeric Types

When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.

Advisory Timeline

  • Published