CVE-2021-37670

Name
CVE-2021-37670
Description
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to `tf.raw_ops.UpperBound`. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/searchsorted_op.cc#L85-L104) does not validate the rank of `sorted_input` argument. A similar issue occurs in `tf.raw_ops.LowerBound`. We have patched the issue in GitHub commit 42459e4273c2e47a3232cc16c4f4fff3b3a35c38. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://github.com/tensorflow/tensorflow/commit/42459e4273c2e47a3232cc16c4f4fff3b3a35c38
CONFIRM https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9697-98pf-4rw7

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:* tensorflow >= 2.3.0 < 2.3.4
cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:* tensorflow >= 2.4.0 < 2.4.3
cpe:2.3:a:google:tensorflow:2.5.0:*:*:*:*:*:*:* tensorflow == None == 2.5.0
cpe:2.3:a:google:tensorflow:2.6.0:rc0:*:*:*:*:*:* tensorflow == None == 2.6.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status