CVE-2021-29521: Incorrect Calculation of Buffer Size
TensorFlow is an end-to-end open source platform for machine learning. Specifying a negative dense shape in tf.raw_ops.SparseCountSparseOutput results in a segmentation fault raised from the standard library, because std::vector invariants are broken. The implementation assumes the first element of the dense shape is always positive and uses it to initialize a BatchedMap<T> data structure: if the shape tensor has more than one element, num_batches is taken to be the first value in shape. Ensuring that the dense_shape argument is a valid tensor shape (every dimension a non-negative integer) solves this issue. The fix will be included in TensorFlow 2.5.0. We will also cherry-pick this commit on TensorFlow 2.4.2 and TensorFlow 2.3.3.