Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-29611— Incomplete validation in `SparseReshape`

CVSS 3.6 · Low EPSS 0.01% · P1
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-29611

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Incomplete validation in `SparseReshape`
Source: NVD (National Vulnerability Database)
Vulnerability Description
TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in `SparseReshape` results in a denial of service based on a `CHECK`-failure. The implementation(https://github.com/tensorflow/tensorflow/blob/e87b51ce05c3eb172065a6ea5f48415854223285/tensorflow/core/kernels/sparse_reshape_op.cc#L40) has no validation that the input arguments specify a valid sparse tensor. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2 and TensorFlow 2.3.3, as these are the only affected versions.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
初始化不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Google TensorFlow 输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Google TensorFlow是美国谷歌(Google)公司的一套用于机器学习的端到端开源平台。 Google TensorFlow 2.4.2,2.3.3 版本存在输入验证错误漏洞,该漏洞源于 SparseReshape 中的不完整验证会导致基于CHECK失败的拒绝服务。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
tensorflowtensorflow < 2.3.3 -

II. Public POCs for CVE-2021-29611

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2021-29611

登录查看更多情报信息。

Same Patch Batch · tensorflow · 2021-05-14 · 108 CVEs total

CVE-2021-295917.3 HIGHStack overflow due to looping TFLite subgraph
CVE-2021-296057.1 HIGHInteger overflow in TFLite memory allocation
CVE-2021-296067.1 HIGHHeap OOB read in TFLite
CVE-2021-296147.1 HIGHInterpreter crash from `tf.io.decode_raw`
CVE-2021-296016.3 MEDIUMInteger overflow in TFLite concatentation
CVE-2021-296136.3 MEDIUMIncomplete validation in `tf.raw_ops.CTCLoss`
CVE-2021-296075.3 MEDIUMIncomplete validation in `SparseSparseMinimum`
CVE-2021-296085.3 MEDIUMHeap OOB and null pointer dereference in `RaggedTensorToTensor`
CVE-2021-296095.3 MEDIUMIncomplete validation in `SparseAdd`
CVE-2021-295714.5 MEDIUMMemory corruption in `DrawBoundingBoxesV2`
CVE-2021-295924.4 MEDIUMNull pointer dereference in TFLite's `Reshape` operator
CVE-2021-296103.6 LOWInvalid validation in `QuantizeAndDequantizeV2`
CVE-2021-296123.6 LOWHeap buffer overflow in `BandedTriangularSolve`
CVE-2021-295262.5 LOWDivision by 0 in `Conv2D`
CVE-2021-295282.5 LOWDivision by 0 in `QuantizedMul`
CVE-2021-295252.5 LOWDivision by 0 in `Conv2DBackpropInput`
CVE-2021-295842.5 LOWCHECK-fail due to integer overflow
CVE-2021-295832.5 LOWHeap buffer overflow and undefined behavior in `FusedBatchNorm`
CVE-2021-295742.5 LOWUndefined behavior in `MaxPool3DGradGrad`
CVE-2021-295732.5 LOWDivision by 0 in `MaxPoolGradWithArgmax`

Showing top 20 of 108 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

Same product: tensorflow
Same vendor: tensorflow
Same weakness: CWE-665

V. Comments for CVE-2021-29611

No comments yet

Leave a comment