Haris Sahovic

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.6.0 TensorFlow version 2.5.1 TensorFlow version 2.4.3 TensorFlow version 2.3.4 **Description** The issue arises when nesting a `tf.map fn` within another `tf.map fn` call, specifically with `RaggedTensor` inputs and no function signature provided. The code assumes the output is a fully specified tensor and fills the output buffer with uninitialized contents from the heap. This can lead to memory information leaks, as the last row of the output `t` contains data from the heap. The bug is in the conversion from a `Variant` tensor to a `RaggedTensor`, where the implementation does not check for matching inner shapes, resulting in additional dimensions. This can also cause data loss if the input tensor is tweaked. **Recommendations** For TensorFlow versions prior to 2.6.0, update to version 2.6.0 or later. For TensorFlow version 2.5.1, apply the patch from GitHub commit 4e2565483d0ffcadc719bd44893fb7f609bb5f12 or update to a later version. For TensorFlow version 2.4.3, apply the patch from GitHub commit 4e2565483d0ffcadc719bd44893fb7f609bb5f12 or update to a later version. For TensorFlow version 2.3.4, apply the patch from GitHub commit 4e2565483d0ffcadc719bd44893fb7f609bb5f12 or update to a later version. As a temporary workaround, consider avoiding the use of nested `tf.map fn` calls with `RaggedTensor` inputs until the issue is resolved.