AVID-2026-R0819
Description
Vulnerability CVE-2021-33650
Details
When performing the shape inference operation of the SparseToDense operator, if the number of inputs is less than three, the operator accesses data outside the bounds of the inputs, which are allocated from heap buffers.
Reason for inclusion in AVID: The report describes a vulnerability in the MindSpore AI framework (SparseToDense operator) that causes an out-of-bounds read when the number of inputs is less than three. This is a security flaw in an AI software component used to build/train/deploy general-purpose AI systems, with packaging reference (openEuler:mindspore). It maps to a CVE entry (CVE-2021-33650) and CWE-125, indicating a classic out-of-bounds vulnerability. This aligns with AVID’s focus on software supply chain issues in AI stacks (libraries/frameworks, runtimes, artifacts).
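A minimal C++ model of the missing input-count check described above, shown beside a hardened form. This is an added illustration, not MindSpore code: the `Tensor` struct, the function names, and the assumption that the third input carries the dense shape are hypothetical.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Simplified stand-in for a framework tensor (hypothetical type).
struct Tensor {
    std::vector<int64_t> data;
};

// Assumed input layout (not stated in the advisory): indices, values, dense_shape.
constexpr std::size_t kDenseShape = 2;
constexpr std::size_t kExpectedInputs = 3;

// Flawed pattern: indexes the third input without checking how many exist.
// With fewer than three inputs, operator[] reads past the end of the
// heap-allocated input array (CWE-125). Only safe with three or more inputs.
std::vector<int64_t> InferShapeUnchecked(const std::vector<Tensor>& inputs) {
    return inputs[kDenseShape].data;
}

// Hardened pattern: validate the input count before indexing, then validate
// the shape values. `out` is written only when the function returns true.
bool InferShapeChecked(const std::vector<Tensor>& inputs,
                       std::vector<int64_t>* out) {
    if (out == nullptr || inputs.size() < kExpectedInputs) {
        return false;  // reject the malformed node instead of reading out of bounds
    }
    const std::vector<int64_t>& shape = inputs[kDenseShape].data;
    if (shape.empty()) {
        return false;  // no dense shape supplied
    }
    for (int64_t dim : shape) {
        if (dim < 0) return false;  // extra hardening: negative dimensions are invalid
    }
    *out = shape;
    return true;
}

int main() {
    // Constructed inputs: a well-formed three-input node and a truncated one.
    std::vector<Tensor> good(3);
    good[kDenseShape].data = {4, 5};
    std::vector<Tensor> truncated(2);

    std::vector<int64_t> shape;
    bool ok = InferShapeChecked(good, &shape) && !InferShapeChecked(truncated, &shape);
    return ok ? 0 : 1;
}
```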
References
- NVD entry
- https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-005_en.md
Affected or Relevant Artifacts
- Developer: n/a
- Deployer: n/a
- Artifact Details:
| Type | Name |
|---|---|
| System | openEuler:mindspore |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
CWE
| ID | Description |
|---|---|
| CWE-125 | CWE-125 Out-of-bounds Read |
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2022-06-27
- Version: 0.3.3
- AVID Entry