CVE-2021-29534
- Source
- https://cve.org/CVERecord?id=CVE-2021-29534
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-29534.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2021-29534
- Aliases
- Related
- Published
- 2021-05-14T20:15:12.163Z
- Modified
- 2026-02-24T11:40:17.310418Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a
CHECK-fail intf.raw_ops.SparseConcat. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/b432a38fe0e1b4b904a6c222cbce794c39703e87/tensorflow/core/kernels/sparseconcatop.cc#L76) takes the values specified inshapes[0]as dimensions for the output shape. TheTensorShapeconstructor(https://github.com/tensorflow/tensorflow/blob/6f9896890c4c703ae0a0845394086e2e1e523299/tensorflow/core/framework/tensorshape.cc#L183-L188) uses aCHECKoperation which triggers whenInitDims(https://github.com/tensorflow/tensorflow/blob/6f9896890c4c703ae0a0845394086e2e1e523299/tensorflow/core/framework/tensorshape.cc#L212-L296) returns a non-OK status. This is a legacy implementation of the constructor and operations should useBuildTensorShapeBaseorAddDimWithStatusto preventCHECK-failures in the presence of overflows. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range. - References
-
- https://github.com/tensorflow/tensorflow/commit/69c68ecbb24dff3fa0e46da0d16c821a2dd22d7c
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6j9c-grc6-5m6g
- https://github.com/tensorflow/tensorflow/commit/69c68ecbb24dff3fa0e46da0d16c821a2dd22d7c
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6j9c-grc6-5m6g
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6j9c-grc6-5m6g
Affected packages
Git / github.com/tensorflow/tensorflow
Affected ranges
- Type
- GIT
- Repo
- https://github.com/tensorflow/tensorflow
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedIntroducedFixedIntroducedFixedIntroducedFixed
Database specific
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-29534.json"
vanir_signatures
[
{
"id": "CVE-2021-29534-eaa6d837",
"source": "https://github.com/tensorflow/tensorflow/commit/69c68ecbb24dff3fa0e46da0d16c821a2dd22d7c",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"54466587059830531606319629979708964218",
"176166860136873772506799387852628074893",
"219087856220527641767568187640139749659",
"129539331549458829634308876280157793606",
"170204760130797093209611304237452900549",
"199899400839219146842866542472955256253",
"264052507538386270360638686927856550078",
"296194634976191319232614157678305799912",
"141952356479922739280432895333698825947",
"137750464255645687408388648044548776321",
"298489643500702948250896595727968197",
"264039766205282928441252333076699437512",
"127793613132576908327996681414516271283",
"86676530842824977775792579556149825913",
"157533235160882106476540420952713713712",
"91486212137232254315094788111533950989",
"62015853014133853024885557482965290357",
"136324176731246554432549993909833752967",
"26477826162944288908114160024147870115",
"67074850193727342529948239785630453294",
"196863243001392019348417618932418943125",
"156363354158468780200878872507210838739"
]
},
"target": {
"file": "tensorflow/core/kernels/sparse_tensors_map_ops.cc"
}
}
]