CVE-2021-29514: Out-of-bounds Write
TensorFlow is an end-to-end open source platform for machine learning. If the `splits` argument of `RaggedBincount` does not specify a valid `SparseTensor`, then an attacker can trigger a heap buffer overflow. This will cause a read from outside the bounds of the `splits` tensor buffer in the implementation of the `RaggedBincount` op. Before the `for` loop, `batch_idx` is set to The attacker sets `splits(0)` to be 7, hence the `while` loop does not execute and `batch_idx` remains This then results in writing to `out(-1, bin)`, which is before the heap allocated buffer for the output tensor.
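The following added example is not TensorFlow's code. It is a simplified C++ model of the row-index loop described above, next to a hardened form that validates `splits` before any write. It assumes `batch_idx` starts at 0 (consistent with the reported `out(-1, bin)` write); the function names and the well-formedness rule for `splits` are hypothetical, and the sample inputs are constructed.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>
using Splits = std::vector<int64_t>;

// Replays the advisory's row-index loop on a simplified model. The row that
// out(batch_idx - 1, bin) would target is only computed and range-checked.
// Returns true and sets *bad_row if a row falls outside [0, num_rows).
bool row_escapes(const Splits& splits, size_t num_values, long* bad_row) {
  const long num_rows = static_cast<long>(splits.size()) - 1;
  size_t batch_idx = 0;  // assumption: the index starts at 0
  for (size_t idx = 0; idx < num_values; ++idx) {
    while (batch_idx < splits.size() &&  // guard exists only in this model
           static_cast<int64_t>(idx) >= splits[batch_idx]) ++batch_idx;
    const long row = static_cast<long>(batch_idx) - 1;
    if (row < 0 || row >= num_rows) { *bad_row = row; return true; }
  }
  return false;
}

// Assumed well-formedness rule: starts at 0, non-decreasing, ends at num_values.
bool splits_valid(const Splits& splits, size_t num_values) {
  if (splits.empty() || splits.front() != 0) return false;
  if (splits.back() != static_cast<int64_t>(num_values)) return false;
  for (size_t i = 1; i < splits.size(); ++i)
    if (splits[i] < splits[i - 1]) return false;
  return true;
}

// Hardened count: reject malformed splits before any write to out.
bool ragged_bincount(const Splits& splits, const std::vector<int>& values,
                     int num_bins, std::vector<std::vector<int>>* out) {
  if (num_bins < 0 || !splits_valid(splits, values.size())) return false;
  out->assign(splits.size() - 1, std::vector<int>(num_bins, 0));
  size_t batch_idx = 0;
  for (size_t idx = 0; idx < values.size(); ++idx) {
    while (static_cast<int64_t>(idx) >= splits[batch_idx]) ++batch_idx;
    if (values[idx] >= 0 && values[idx] < num_bins)
      ++(*out)[batch_idx - 1][values[idx]];
  }
  return true;
}

int main() {
  long row = 0;  // constructed input: splits(0) = 7, as in the advisory
  if (row_escapes({7, 9}, 3, &row)) std::printf("unchecked row: %ld\n", row);
  std::vector<std::vector<int>> out;
  std::printf("hardened accepts: %d\n", ragged_bincount({7, 9}, {1, 2, 3}, 3, &out));
}
```

In the model, a `splits` vector that ends before the number of values is flagged as well, because the row index runs past the last row.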