CVE-2021-29575
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
Summary
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.raw_ops.ReverseSequence allows for stack overflow and/or CHECK-fail based denial of service. The implementation(https://github.com/tensorflow/tensorflow/blob/5b3b071975e01f0d250c928b2a8f901cd53b90a7/tensorflow/core/kernels/reverse_sequence_op.cc#L114-L118) fails to validate that seq_dim and batch_dim arguments are valid. Negative values for seq_dim can result in stack overflow or CHECK-failure, depending on the version of Eigen code used to implement the operation. Similar behavior can be exhibited by invalid values of batch_dim. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| tensorflow | tensorflow | < 2.1.4 | affected |
| tensorflow | tensorflow | >= 2.2.0, < 2.2.3 | affected |
| tensorflow | tensorflow | >= 2.3.0, < 2.3.3 | affected |
| tensorflow | tensorflow | >= 2.4.0, < 2.4.2 | affected |
Weaknesses
- CWE-119: CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6qgm-fv6v-rfpv
- https://github.com/tensorflow/tensorflow/commit/ecf768cbe50cedc0a45ce1ee223146a3d3d26d23
References
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6qgm-fv6v-rfpv
- https://github.com/tensorflow/tensorflow/commit/ecf768cbe50cedc0a45ce1ee223146a3d3d26d23
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.