{ "id": "CVE-2021-29565", "sourceIdentifier": "security-advisories@github.com", "published": "2021-05-14T20:15:13.603", "lastModified": "2024-11-21T06:01:23.633", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", "value": "TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a null pointer dereference in the implementation of `tf.raw_ops.SparseFillEmptyRows`. This is because of missing validation(https://github.com/tensorflow/tensorflow/blob/fdc82089d206e281c628a93771336bf87863d5e8/tensorflow/core/kernels/sparse_fill_empty_rows_op.cc#L230-L231) that was covered under a `TODO`. If the `dense_shape` tensor is empty, then `dense_shape_t.vec<>()` would cause a null pointer dereference in the implementation of the op. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range." }, { "lang": "es", "value": "TensorFlow es una plataforma de c\u00f3digo abierto de extremo a extremo para el aprendizaje autom\u00e1tico. Un atacante puede desencadenar una desreferencia de puntero null en una implementaci\u00f3n de \"tf.raw_ops.SparseFillEmptyRows\". Esto es debido a una falta de comprobaci\u00f3n (https://github.com/tensorflow/tensorflow/blob/fdc82089d206e281c628a93771336bf87863d5e8/tensorflow/core/kernels/sparse_fill_empty_rows_op.cc#L230-L231) esto se qued\u00f3 cubierto bajo un \"TODO\". Si el tensor \"dense_shape\" est\u00e1 vac\u00edo, entonces \"dense_shape_t.vec()()\" causar\u00eda una desreferencia del puntero null en la implementaci\u00f3n de la operaci\u00f3n. La correcci\u00f3n ser\u00e1 incluida en TensorFlow versi\u00f3n 2.5.0. Tambi\u00e9n seleccionaremos este commit en TensorFlow versi\u00f3n 2.4.2, TensorFlow versi\u00f3n 2.3.3, TensorFlow versi\u00f3n 2.2.3 y TensorFlow versi\u00f3n 2.1.4, ya que estos tambi\u00e9n est\u00e1n afectados y a\u00fan est\u00e1n en el rango admitido" } ], "metrics": { "cvssMetricV31": [ { "source": "security-advisories@github.com", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "baseScore": 2.5, "baseSeverity": "LOW", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW" }, "exploitabilityScore": 1.0, "impactScore": 1.4 }, { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.8, "impactScore": 3.6 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "baseScore": 2.1, "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL" }, "baseSeverity": "LOW", "exploitabilityScore": 3.9, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "security-advisories@github.com", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-476" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.1.4", "matchCriteriaId": "323ABCCE-24EB-47CC-87F6-48C101477587" }, { "vulnerable": true, "criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.2.0", "versionEndExcluding": "2.2.3", "matchCriteriaId": "64ABA90C-0649-4BB0-89C9-83C14BBDCC0F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.3.0", "versionEndExcluding": "2.3.3", "matchCriteriaId": "0F83E0CF-CBF6-4C24-8683-3E7A5DC95BA9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.4.0", "versionEndExcluding": "2.4.2", "matchCriteriaId": "8259531B-A8AC-4F8B-B60F-B69DE4767C03" } ] } ] } ], "references": [ { "url": "https://github.com/tensorflow/tensorflow/commit/faa76f39014ed3b5e2c158593b1335522e573c7f", "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ] }, { "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-r6pg-pjwc-j585", "source": "security-advisories@github.com", "tags": [ "Exploit", "Patch", "Third Party Advisory" ] }, { "url": "https://github.com/tensorflow/tensorflow/commit/faa76f39014ed3b5e2c158593b1335522e573c7f", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ] }, { "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-r6pg-pjwc-j585", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ] } ] }