How severe is CVE-2021-29575?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2021-29575?

This is classified as CWE-119, which is a common weakness in software security.

CVE-2021-29575

MEDIUM Year: 2021

CVSS v3 Score

5.5

Medium

CVSS v2 Score

2.1

Low

Weakness Type

CWE-119

View all →

Vulnerability Description

TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.raw_ops.ReverseSequence` allows for stack overflow and/or `CHECK`-fail based denial of service. The implementation(https://github.com/tensorflow/tensorflow/blob/5b3b071975e01f0d250c928b2a8f901cd53b90a7/tensorflow/core/kernels/reverse_sequence_op.cc#L114-L118) fails to validate that `seq_dim` and `batch_dim` arguments are valid. Negative values for `seq_dim` can result in stack overflow or `CHECK`-failure, depending on the version of Eigen code used to implement the operation. Similar behavior can be exhibited by invalid values of `batch_dim`. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.

CVE-2006-3635

MEDIUM

CVSS:5.5(Medium)

The ia64 subsystem in the Linux kernel before 2.6.26 allows local users to cause a denial of service (stack consumption and system crash) via a crafted application that leverages the mishandling of in...

CWE-1192006

CVE-2014-125002

MEDIUM

CVSS:5.5(Medium)

A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is the function dnxhd_init_rc of the file libavcodec/dnxhdenc.c. The manipulation leads to memory corruption. I...

CWE-1192014

CVE-2014-125003

MEDIUM

CVSS:5.5(Medium)

A vulnerability was found in FFmpeg 2.0 and classified as problematic. This issue affects the function get_siz of the file libavcodec/jpeg2000dec.c. The manipulation leads to memory corruption. The at...

CWE-1192014

CVE-2014-125004

MEDIUM

CVSS:5.5(Medium)

A vulnerability has been found in FFmpeg 2.0 and classified as problematic. This vulnerability affects the function decode_hextile of the file libavcodec/vmnc.c. The manipulation leads to memory corru...

CWE-1192014

CVE-2014-125005

MEDIUM

CVSS:5.5(Medium)

A vulnerability, which was classified as problematic, was found in FFmpeg 2.0. This affects the function decode_vol_header of the file libavcodec/mpeg4videodec.c. The manipulation leads to memory corr...

CWE-1192014

CVE-2014-125006

MEDIUM

CVSS:5.5(Medium)

A vulnerability, which was classified as problematic, has been found in FFmpeg 2.0. Affected by this issue is the function output_frame of the file libavcodec/h264.c. The manipulation leads to memory ...

CWE-1192014

CVE-2021-29575

Vulnerability Description

Related Vulnerabilities

CVE-2006-3635

CVE-2014-125002

CVE-2014-125003

CVE-2014-125004

CVE-2014-125005

CVE-2014-125006