CVE-2021-41200
MEDIUMTensorFlow < 2.4.4, 2.6.0-2.6.1 - Reachable Assertion via tf.summary.create_file_writer
Title source: llmDescription
TensorFlow is an open source platform for machine learning. In affected versions if `tf.summary.create_file_writer` is called with non-scalar arguments code crashes due to a `CHECK`-fail. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.
References (3)
Core 3
Core References
Exploit, Third Party Advisory x_refsource_confirm
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gh8h-7j2j-qv4f
Exploit, Third Party Advisory x_refsource_misc
https://github.com/tensorflow/tensorflow/issues/46909
Patch, Third Party Advisory x_refsource_misc
https://github.com/tensorflow/tensorflow/commit/874bda09e6702cd50bac90b453b50bcc65b2769e
Scores
CVSS v3
5.5
EPSS
0.0023
EPSS Percentile
13.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-617
Status
published
Products (5)
google/tensorflow
2.6.0
google/tensorflow
< 2.4.4
pypi/tensorflow
2.6.0 - 2.6.1PyPI
pypi/tensorflow-cpu
2.6.0 - 2.6.1PyPI
pypi/tensorflow-gpu
2.6.0 - 2.6.1PyPI
Published
Nov 05, 2021
Tracked Since
Feb 18, 2026