CVE-2021-41196
Crash in `max_pool3d` when size argument is 0 or negativeTensorFlow is an open source platform for machine learning. In affected versions the Keras pooling layers can trigger a segfault if the size of the pool is 0 or if a dimension is negative. This is due to the TensorFlow's implementation of pooling operations where the values in the sliding window are not checked to be strictly positive. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.
We have discovered 57 live websites that are affected by CVE-2021-41196.
Affected Software
| Product | |
| Category | JavaScript Libraries |
| Vulnerable Domains | 57 live websites (100% of tensorflow install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 0 versions ( less than 0.1% of all versions) |
Common Weakness Enumeration
CWE-191 Integer Underflow (Wrap or Wraparound)Details
- Published - Nov 6, 2021
- Updated - Aug 4, 2024
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2021-41196 United States | 41 websites |
 Germany | 4 websites |
 India | 2 websites |
 Netherlands | 2 websites |
 Austria | 1 websites |
 Canada | 1 websites |
 Chile | 1 websites |
 Cyprus | 1 websites |
 Denmark | 1 websites |
 GB | 1 websites |
Website Distribution by TLD
Number of websites using CVE-2021-41196| .com | 27 websites |
| .org | 2 websites |
| .at | 1 websites |
| .ch | 1 websites |
| .de | 1 websites |
| .dk | 1 websites |
| .io | 1 websites |
| .net | 1 websites |
Websites affected by CVE-2021-41196
Top websites that are affected by CVE-2021-41196. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ************.com | United States | ***,*** | |
| *******.************.de | Germany | ***,*** | |
| ******.me | United States | *,***,*** | |
| ***********.com | United States | *,***,*** | |
| ************.com | United States | *,***,*** | |
| ***********.com | United States | *,***,*** | |
| *******.**.kr |  Korea, South | *,***,*** | |
| **********.com | Netherlands | *,***,*** | |
| *********.******.**********.org | Germany | *,***,*** | |
| ***********.com | United States | *,***,*** |
FAQ
CVE-2021-41196 is Integer Underflow (Wrap or Wraparound) in tensorflow
A total of 57 websites have been identified as vulnerable to CVE-2021-41196, based on global website indexing conducted by WebTechSurvey.
The tensorflow is affected by the CVE-2021-41196 vulnerability.
tensorflow versions up to 2.6.1 are vulnerable to CVE-2021-41196.
CVE-2021-41196 is resolved in version 2.6.1 of tensorflow.