CVE-2021-29592
MEDIUMTensorFlow < 2.1.4 - NULL Pointer Dereference in Reshape Operator
Title source: llmDescription
TensorFlow is an end-to-end open source platform for machine learning. The fix for CVE-2020-15209(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15209) missed the case when the target shape of `Reshape` operator is given by the elements of a 1-D tensor. As such, the fix for the vulnerability(https://github.com/tensorflow/tensorflow/blob/9c1dc920d8ffb4893d6c9d27d1f039607b326743/tensorflow/lite/core/subgraph.cc#L1062-L1074) allowed passing a null-buffer-backed tensor with a 1D shape. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
References (2)
Core 2
Core References
Exploit, Patch, Third Party Advisory x_refsource_confirm
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jjr8-m8g8-p6wv
Patch, Third Party Advisory x_refsource_misc
https://github.com/tensorflow/tensorflow/commit/f8378920345f4f4604202d4ab15ef64b2aceaa16
Scores
CVSS v3
4.4
EPSS
0.0022
EPSS Percentile
11.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Details
CWE
CWE-476
Status
published
Products (4)
google/tensorflow
< 2.1.4
pypi/tensorflow
0 - 2.1.4PyPI
pypi/tensorflow-cpu
0 - 2.1.4PyPI
pypi/tensorflow-gpu
0 - 2.1.4PyPI
Published
May 14, 2021
Tracked Since
Feb 18, 2026