CVE-2021-41201: Unitialized access in `EinsumHelper::ParseEquation`
(updated )
During execution, EinsumHelper::ParseEquation() is supposed to set the flags in input_has_ellipsis vector and *output_has_ellipsis boolean to indicate whether there is ellipsis in the corresponding inputs and output.
However, the code only changes these flags to true and never assigns false.
for (int i = 0; i < num_inputs; ++i) {
input_label_counts->at(i).resize(num_labels);
for (const int label : input_labels->at(i)) {
if (label != kEllipsisLabel)
input_label_counts->at(i)[label] += 1;
else
input_has_ellipsis->at(i) = true;
}
}
output_label_counts->resize(num_labels);
for (const int label : *output_labels) {
if (label != kEllipsisLabel)
output_label_counts->at(label) += 1;
else
*output_has_ellipsis = true;
}
This results in unitialized variable access if callers assume that EinsumHelper::ParseEquation() always sets these flags.
References
- github.com/advisories/GHSA-j86v-p27c-73fm
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-611.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-809.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-394.yaml
- github.com/tensorflow/tensorflow
- github.com/tensorflow/tensorflow/commit/f09caa532b6e1ac8d2aa61b7832c78c5b79300c6
- github.com/tensorflow/tensorflow/security/advisories/GHSA-j86v-p27c-73fm
- nvd.nist.gov/vuln/detail/CVE-2021-41201
Detect and mitigate CVE-2021-41201 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →