CVE-2021-29512: Out-of-bounds Write
(updated )
TensorFlow is an end-to-end open source platform for machine learning. If the splits
argument of RaggedBincount
does not specify a valid SparseTensor
, then an attacker can trigger a heap buffer overflow. This will cause a read from outside the bounds of the splits
tensor buffer in the implementation of the RaggedBincount
op. Before the for
loop, batch_idx
is set to The user controls the splits
array, making it contain only one element Thus, the code in the while
loop would increment batch_idx
and then try to read splits(1)
, which is outside of bounds.
References
Detect and mitigate CVE-2021-29512 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →