{"id":"CVE-2021-41205","details":"TensorFlow is an open source platform for machine learning. In affected versions, the shape inference functions for the `QuantizeAndDequantizeV*` operations can trigger a read outside the bounds of a heap-allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherry-pick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in the supported range.","aliases":["BIT-tensorflow-2021-41205","GHSA-49rx-x2rw-pc6f","PYSEC-2021-398","PYSEC-2021-615","PYSEC-2021-813"],"modified":"2026-05-18T20:50:48.028599Z","published":"2021-11-05T21:15:08.750Z","related":["openSUSE-SU-2024:12116-1"],"references":[{"type":"ADVISORY","url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-49rx-x2rw-pc6f"},{"type":"FIX","url":"https://github.com/tensorflow/tensorflow/commit/7cf73a2274732c9d82af51c2bc2cf90d13cd7e6d"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/tensorflow/tensorflow","events":[{"introduced":"0"},{"fixed":"64918868e2154b06c7479347a59a4230f785e9fa"},{"introduced":"a4dfb8d1a71385bd6d122e4f27f86dcebb96712d"},{"fixed":"957590ea15cc03ee2e00fc61934647d54836676f"},{"introduced":"919f693420e35d00c8d0a42100837ae3718f7927"},{"fixed":"3aa40c3ce9d16eae296f086bc4ac4d62deb2affc"},{"fixed":"7cf73a2274732c9d82af51c2bc2cf90d13cd7e6d"}],"database_specific":{"cpe":"cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*","source":["CPE_FIELD","REFERENCES"],"extracted_events":[{"introduced":"0"},{"fixed":"2.4.4"},{"introduced":"2.5.0"},{"fixed":"2.5.2"},{"introduced":"2.6.0"},{"fixed":"2.6.1"}]}}],"versions":["v2.4.3","v2.6.0","v2.5.1","v2.4.2","v2.5.0","v2.4.1","v2.4.0","v2.4.0-rc4","v2.4.0-rc3","v2.4.0-rc2","v2.4.0-rc1","v2.4.0-rc0","v1.12.1","v1.9.0-rc2","v1.6.0-rc1","v1.1.0-rc2","v1.1.0-rc1","0.6.0","0.5.0"],"database_specific":{"vanir_signatures":[{"target":{"function":"TEST","file":"tensorflow/core/ops/array_ops_test.cc"},"id":"CVE-2021-41205-00534f21","deprecated":f
alse,"digest":{"length":841,"function_hash":"123438572843765965434699119996211259994"},"signature_version":"v1","signature_type":"Function","source":"https://github.com/tensorflow/tensorflow/commit/7cf73a2274732c9d82af51c2bc2cf90d13cd7e6d"},{"target":{"file":"tensorflow/core/ops/array_ops.cc"},"id":"CVE-2021-41205-420c859d","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["21333042683030008622626700788704679710","107974015649863047257561587271006256936","76264185542097749296149273318889205888","162844488573385355550968197393835032856","21333042683030008622626700788704679710","107974015649863047257561587271006256936","76264185542097749296149273318889205888","162844488573385355550968197393835032856","87441483361887399196298430787636489488","117865729398493155727895012950138526202","338599889189426925599503441466802115660","162844488573385355550968197393835032856","21333042683030008622626700788704679710","107974015649863047257561587271006256936","76264185542097749296149273318889205888","162844488573385355550968197393835032856"]},"signature_version":"v1","signature_type":"Line","source":"https://github.com/tensorflow/tensorflow/commit/7cf73a2274732c9d82af51c2bc2cf90d13cd7e6d"},{"target":{"file":"tensorflow/core/ops/array_ops_test.cc"},"id":"CVE-2021-41205-98efe4f2","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["176074768384060708931562000164345550008","297622500618749956280912214398564217827","330408963431617733958437307615778212110","201190268224471700808885306969477262917"]},"signature_version":"v1","signature_type":"Line","source":"https://github.com/tensorflow/tensorflow/commit/7cf73a2274732c9d82af51c2bc2cf90d13cd7e6d"}],"vanir_signatures_modified":"2026-05-18T20:50:48Z","source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-41205.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"}]}