Out-of-Bounds Access Vulnerability in Inference Shape Operations

Out-of-Bounds Access Vulnerability in Inference Shape Operations

CVE-2021-33648 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

When performing the inference shape operation of Affine, Concat, MatMul, ArgMinMax, EmbeddingLookup, and Gather operators, if the input shape size is 0, it will access data outside of bounds of shape which allocated from heap buffers.

Learn more about our Web Application Penetration Testing UK.