Strix
26.1K

CVE-2021-33649

HIGHCVSS 7.5/10EPSS 0.85%

Last modified

CVE-2021-33649 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. When performing the inference shape operation of the Transpose operator, if the value in the perm element is greater than or equal to the size of the input_shape, it will access data outside of bounds of input_shape which allocated from heap buffers.. EPSS estimates a 0.85% chance of exploitation in the next 30 days.

Description

When performing the inference shape operation of the Transpose operator, if the value in the perm element is greater than or equal to the size of the input_shape, it will access data outside of bounds of input_shape which allocated from heap buffers.

Metrics

CVSS 3.1
7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Probability
0.85%

53.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersionsUpdate
MindsporeMindspore>= 1.0.0, < 1.3.0
MindsporeMindspore0.7.0Beta

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2021-33649?
When performing the inference shape operation of the Transpose operator, if the value in the perm element is greater than or equal to the size of the input_shape, it will access data outside of bounds of input_shape which allocated from heap buffers.
How severe is CVE-2021-33649?
CVE-2021-33649 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 0.85% probability of exploitation in the next 30 days.
How do I fix CVE-2021-33649?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-33649?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST