CVE-2021-41201
HIGH
TensorFlow < 2.4.4, 2.6.0-2.6.1 - Access of Uninitialized Pointer in EinsumHelper::ParseEquation()
Description
TensorFlow is an open source platform for machine learning. In affected versions, during execution, `EinsumHelper::ParseEquation()` is supposed to set the flags in the `input_has_ellipsis` vector and the `*output_has_ellipsis` boolean to indicate whether there is an ellipsis in the corresponding inputs and output. However, the code only changes these flags to `true` and never assigns `false`. This results in uninitialized variable access if callers assume that `EinsumHelper::ParseEquation()` always sets these flags. The fix will be included in TensorFlow 2.7.0. We will also cherry-pick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.
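The set-only flag pattern described above, next to a version that assigns every flag, as an added example that is not TensorFlow's code. The function names `ParseFlagsSetOnly` and `ParseFlagsAlwaysAssign` are hypothetical, and deliberately stale `true` values in the caller's storage stand in for uninitialized memory so the behaviour is deterministic.

```cpp
#include <string>
#include <vector>

// Simplified model of the ellipsis flags only; this is not TensorFlow's parser.
static bool HasEllipsis(const std::string& s) {
  return s.find("...") != std::string::npos;
}

// Splits "a...b,bc->a...c" into input subscripts and the output subscript.
static void Split(const std::string& eq, std::vector<std::string>* in,
                  std::string* out) {
  const std::size_t arrow = eq.find("->");
  const std::string lhs = eq.substr(0, arrow);
  *out = (arrow == std::string::npos) ? "" : eq.substr(arrow + 2);
  std::size_t start = 0, comma;
  while ((comma = lhs.find(',', start)) != std::string::npos) {
    in->push_back(lhs.substr(start, comma - start));
    start = comma + 1;
  }
  in->push_back(lhs.substr(start));
}

// "Before" pattern: flags are only raised, so stale caller values survive.
void ParseFlagsSetOnly(const std::string& eq,
                       std::vector<bool>* input_has_ellipsis, bool* output_has_ellipsis) {
  std::vector<std::string> in; std::string out;
  Split(eq, &in, &out);
  input_has_ellipsis->resize(in.size());
  for (std::size_t i = 0; i < in.size(); ++i)
    if (HasEllipsis(in[i])) (*input_has_ellipsis)[i] = true;
  if (HasEllipsis(out)) *output_has_ellipsis = true;
}

// Hardened pattern: every flag is assigned on every call.
void ParseFlagsAlwaysAssign(const std::string& eq,
                            std::vector<bool>* input_has_ellipsis, bool* output_has_ellipsis) {
  std::vector<std::string> in; std::string out;
  Split(eq, &in, &out);
  input_has_ellipsis->resize(in.size());
  for (std::size_t i = 0; i < in.size(); ++i)
    (*input_has_ellipsis)[i] = HasEllipsis(in[i]);
  *output_has_ellipsis = HasEllipsis(out);
}

int main() {  // constructed stale flags, then an equation with no ellipsis
  std::vector<bool> in = {true, true};
  bool out = true;
  ParseFlagsAlwaysAssign("ab,bc->ac", &in, &out);
  return (in[0] || in[1] || out) ? 1 : 0;
}
```

Callers can also defend themselves by initializing both flags to `false` before the call instead of relying on the parser to write them.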
References (2)
Core References
Exploit, Third Party Advisory x_refsource_confirm
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j86v-p27c-73fm
Patch, Third Party Advisory x_refsource_misc
https://github.com/tensorflow/tensorflow/commit/f09caa532b6e1ac8d2aa61b7832c78c5b79300c6
Scores
CVSS v3
7.8
EPSS
0.0024
EPSS Percentile
14.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-824
Status
published
Products (5)
google/tensorflow
2.6.0
google/tensorflow
< 2.4.4
pypi/tensorflow
2.6.0 - 2.6.1 (PyPI)
pypi/tensorflow-cpu
2.6.0 - 2.6.1 (PyPI)
pypi/tensorflow-gpu
2.6.0 - 2.6.1 (PyPI)
Published
Nov 05, 2021
Tracked Since
Feb 18, 2026