{ "id": "CVE-2021-29577", "sourceIdentifier": "security-advisories@github.com", "published": "2021-05-14T20:15:14.153", "lastModified": "2024-11-21T06:01:25.077", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", "value": "TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.raw_ops.AvgPool3DGrad` is vulnerable to a heap buffer overflow. The implementation(https://github.com/tensorflow/tensorflow/blob/d80ffba9702dc19d1fac74fc4b766b3fa1ee976b/tensorflow/core/kernels/pooling_ops_3d.cc#L376-L450) assumes that the `orig_input_shape` and `grad` tensors have similar first and last dimensions but does not check that this assumption is validated. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range." }, { "lang": "es", "value": "TensorFlow es una plataforma de c\u00f3digo abierto de extremo a extremo para el aprendizaje autom\u00e1tico. La implementaci\u00f3n de \"tf.raw_ops.AvgPool3DGrad\" es vulnerable a un desbordamiento del b\u00fafer de la pila. La implementaci\u00f3n (https://github.com/tensorflow/tensorflow/blob/d80ffba9702dc19d1fac74fc4b766b3fa1ee976b/tensorflow/core/kernels/pooling_ops_3d.cc#L376-L450) asume que las dimensiones al inicio y al final de los tensores \"orig_input_shape\" y \"grad\" son similares pero no comprueba que esta suposici\u00f3n est\u00e9 validada. La correcci\u00f3n ser\u00e1 incluida en TensorFlow versi\u00f3n 2.5.0. Tambi\u00e9n seleccionaremos este compromiso en TensorFlow versi\u00f3n 2.4.2, TensorFlow versi\u00f3n 2.3.3, TensorFlow versi\u00f3n 2.2.3 y TensorFlow versi\u00f3n 2.1.4, ya que estos tambi\u00e9n est\u00e1n afectados y a\u00fan est\u00e1n en el rango admitido" } ], "metrics": { "cvssMetricV31": [ { "source": "security-advisories@github.com", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "baseScore": 2.5, "baseSeverity": "LOW", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW" }, "exploitabilityScore": 1.0, "impactScore": 1.4 }, { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.8, "impactScore": 5.9 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 4.6, "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL" }, "baseSeverity": "MEDIUM", "exploitabilityScore": 3.9, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "security-advisories@github.com", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-119" } ] }, { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-787" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.1.4", "matchCriteriaId": "323ABCCE-24EB-47CC-87F6-48C101477587" }, { "vulnerable": true, "criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.2.0", "versionEndExcluding": "2.2.3", "matchCriteriaId": "64ABA90C-0649-4BB0-89C9-83C14BBDCC0F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.3.0", "versionEndExcluding": "2.3.3", "matchCriteriaId": "0F83E0CF-CBF6-4C24-8683-3E7A5DC95BA9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.4.0", "versionEndExcluding": "2.4.2", "matchCriteriaId": "8259531B-A8AC-4F8B-B60F-B69DE4767C03" } ] } ] } ], "references": [ { "url": "https://github.com/tensorflow/tensorflow/commit/6fc9141f42f6a72180ecd24021c3e6b36165fe0d", "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ] }, { "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-v6r6-84gr-92rm", "source": "security-advisories@github.com", "tags": [ "Exploit", "Patch", "Third Party Advisory" ] }, { "url": "https://github.com/tensorflow/tensorflow/commit/6fc9141f42f6a72180ecd24021c3e6b36165fe0d", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ] }, { "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-v6r6-84gr-92rm", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ] } ] }