CVE-2021-29605

Description

TensorFlow is an end-to-end open source platform for machine learning. The TFLite code for allocating `TFLiteIntArray`s is vulnerable to an integer overflow issue(https://github.com/tensorflow/tensorflow/blob/4ceffae632721e52bf3501b736e4fe9d1221cdfa/tensorflow/lite/c/common.c#L24-L27). An attacker can craft a model such that the `size` multiplier is so large that the return value overflows the `int` datatype and becomes negative. In turn, this results in invalid value being given to `malloc`(https://github.com/tensorflow/tensorflow/blob/4ceffae632721e52bf3501b736e4fe9d1221cdfa/tensorflow/lite/c/common.c#L47-L52). In this case, `ret->size` would dereference an invalid pointer. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.

How to fix CVE-2021-29605

To remediate CVE-2021-29605, upgrade the affected package to a fixed version below.

• —upgrade to 2.1.4 or later
• —upgrade to 2.1.4 or later
• —upgrade to 7c8cc4ec69cd348e44ad6a2699057ca88faad3e5 or later
• —upgrade to 7c8cc4ec69cd348e44ad6a2699057ca88faad3e5 or later
• —upgrade to 2.1.4 or later
• —upgrade to 7c8cc4ec69cd348e44ad6a2699057ca88faad3e5 or later
• —upgrade to 2.1.4 or later

Is CVE-2021-29605 being exploited?

Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.

Affected packages (7)

• from 0, < 2.1.4, >= 2.2.0, < 2.2.3, >= 2.3.0, < 2.3.3, >= 2.4.0, < 2.4.2
• from 0, < 2.1.4
• from 0, < 7c8cc4ec69cd348e44ad6a2699057ca88faad3e5 | from 0, < 2.1.4, >= 2.2.0, < 2.2.3, >= 2.3.0, < 2.3.3, >= 2.4.0, < 2.4.2
• from 0, < 7c8cc4ec69cd348e44ad6a2699057ca88faad3e5 | from 0, < 2.1.4, >= 2.2.0, < 2.2.3, >= 2.3.0, < 2.3.3, >= 2.4.0, < 2.4.2
• from 0, < 2.1.4
• from 0, < 7c8cc4ec69cd348e44ad6a2699057ca88faad3e5 | from 0, < 2.1.4, >= 2.2.0, < 2.2.3, >= 2.3.0, < 2.3.3, >= 2.4.0, < 2.4.2
• from 0, < 2.1.4

CVSS scores

References (8)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2021-29605
• PATCHgithub.com/tensorflow/tensorflow
• WEBgithub.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-533.yaml
• WEBgithub.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-731.yaml