CVE-2021-29543

Description

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a `CHECK`-fail in `tf.raw_ops.CTCGreedyDecoder`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/1615440b17b364b875eb06f43d087381f1460a65/tensorflow/core/kernels/ctc_decoder_ops.cc#L37-L50) has a `CHECK_LT` inserted to validate some invariants. When this condition is false, the program aborts, instead of returning a valid error to the user. This abnormal termination can be weaponized in denial of service attacks. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.

How to fix CVE-2021-29543

To remediate CVE-2021-29543, upgrade the affected package to a fixed version below.

• —upgrade to 2.1.4 or later
• —upgrade to 2.1.4 or later
• —upgrade to ea3b43e98c32c97b35d52b4c66f9107452ca8fb2 or later
• —upgrade to ea3b43e98c32c97b35d52b4c66f9107452ca8fb2 or later
• —upgrade to 2.1.4 or later
• —upgrade to ea3b43e98c32c97b35d52b4c66f9107452ca8fb2 or later
• —upgrade to 2.1.4 or later

Is CVE-2021-29543 being exploited?

Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.

Affected packages (7)

• from 0, < 2.1.4, >= 2.2.0, < 2.2.3, >= 2.3.0, < 2.3.3, >= 2.4.0, < 2.4.2
• from 0, < 2.1.4
• from 0, < ea3b43e98c32c97b35d52b4c66f9107452ca8fb2 | from 0, < 2.2.0rc0, >= 2.2.0, < 2.3.0rc0, >= 2.3.0, < 2.3.4, >= 2.4.0, < 2.4.3
• from 0, < ea3b43e98c32c97b35d52b4c66f9107452ca8fb2 | from 0, < 2.2.0rc0, >= 2.2.0, < 2.3.0rc0, >= 2.3.0, < 2.3.4, >= 2.4.0, < 2.4.3
• from 0, < 2.1.4
• from 0, < ea3b43e98c32c97b35d52b4c66f9107452ca8fb2 | from 0, < 2.2.0rc0, >= 2.2.0, < 2.3.0rc0, >= 2.3.0, < 2.3.4, >= 2.4.0, < 2.4.3
• from 0, < 2.1.4

CVSS scores

References (7)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2021-29543
• PATCHgithub.com/tensorflow/tensorflow
• WEBgithub.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-471.yaml
• WEBgithub.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-669.yaml