CVE-2021-37673 : Security Advisory and Response
Discover the impact of CVE-2021-37673 in TensorFlow versions >= 2.3.4 and < 2.5.1, leading to a denial of service attack. Learn about the mitigation steps and affected systems.
A detailed overview of the
CHECKMapStageUnderstanding CVE-2021-37673
This section discusses the impact, technical details, and mitigation strategies related to the vulnerability.
What is CVE-2021-37673?
TensorFlow versions >= 2.3.4 and < 2.5.1 are vulnerable to a denial of service attack through a
CHECKtf.raw_ops.MapStageThe Impact of CVE-2021-37673
The vulnerability has a CVSS base score of 5.5 (Medium severity) with a LOW attack complexity and HIGH availability impact. It does not require user interaction and affects integrity or confidentiality.
Technical Details of CVE-2021-37673
This section covers the vulnerability description, affected systems, and the exploitation mechanism.
Vulnerability Description
The issue lies in the failure to check if the
keyMapStageAffected Systems and Versions
Affected versions include TensorFlow >= 2.5.0, < 2.5.1, >= 2.4.0, < 2.4.3, and < 2.3.4, which are within the supported range.
Exploitation Mechanism
An attacker can exploit this vulnerability by triggering a
CHECKtf.raw_ops.MapStageMitigation and Prevention
In this section, we discuss immediate steps to take, long-term security practices, and the importance of patching and updates.
Immediate Steps to Take
Users are advised to update to TensorFlow 2.6.0 to patch the vulnerability. For those on versions 2.5.1, 2.4.3, and 2.3.4, the fix has been cherrypicked.
Long-Term Security Practices
Maintaining up-to-date software versions, following secure coding practices, and regular security assessments are crucial for long-term security.
Patching and Updates
Regularly check for security advisories and apply patches as soon as they are released to mitigate risks effectively.