CVE-2021-29521

Source
https://cve.org/CVERecord?id=CVE-2021-29521
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-29521.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-29521
Aliases
Published
2021-05-14T20:15:11.567Z
Modified
2026-07-08T05:59:44.318838235Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

TensorFlow is an end-to-end open source platform for machine learning. Specifying a negative dense shape in tf.raw_ops.SparseCountSparseOutput results in a segmentation fault being thrown out from the standard library as std::vector invariants are broken. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/8f7b60ee8c0206a2c99802e3a4d1bb55d2bc0624/tensorflow/core/kernels/countops.cc#L199-L213) assumes the first element of the dense shape is always positive and uses it to initialize a BatchedMap<T> (i.e., std::vector<absl::flat_hash_map<int64,T>>(https://github.com/tensorflow/tensorflow/blob/8f7b60ee8c0206a2c99802e3a4d1bb55d2bc0624/tensorflow/core/kernels/countops.cc#L27)) data structure. If the shape tensor has more than one element, num_batches is the first value in shape. Ensuring that the dense_shape argument is a valid tensor shape (that is, all elements are non-negative) solves this issue. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2 and TensorFlow 2.3.3.

References

Affected packages

Git / github.com/tensorflow/tensorflow

Affected ranges

Type
GIT
Repo
https://github.com/tensorflow/tensorflow
Events
Database specific
{
    "extracted_events": [
        {
            "introduced": "2.3.0"
        },
        {
            "fixed": "2.3.3"
        },
        {
            "introduced": "2.4.0"
        },
        {
            "fixed": "2.4.2"
        }
    ],
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ],
    "cpe": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*"
}

Affected versions

v2.*
v2.3.0
v2.3.1
v2.3.2
v2.4.0
v2.4.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-29521.json"