CVE-2021-39158

Summary

NVCaffe's python required dependencies list used to contain gfortranversion prior to 0.17.4, entry which does not exist in the repository pypi.org. An attacker could potentially have posted malicious files to pypi.org causing a user to install it within NVCaffe.

Affected Software

VendorProductVersion RangeStatus
NVIDIAcaffe<= 0.17.4affected

Weaknesses

  • CWE-345: CWE-345: Insufficient Verification of Data Authenticity

ADP Enrichment

CVE Program Container

Additional References

References