PT-2021-18265 · Google · Tensorflow

Published: 2021-05-14 · Updated: 2024-03-06 · CVE-2021-29514

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.0; TensorFlow version 2.4.2; TensorFlow version 2.3.3
Description: The issue arises when the splits argument of RaggedBincount does not specify a valid SparseTensor. This can trigger a heap buffer overflow, causing a read from outside the bounds of the splits tensor buffer in the implementation of the RaggedBincount op. An attacker can exploit this by setting splits(0) to a value that prevents the while loop from executing, resulting in writing to a location before the heap allocated buffer for the output tensor.
Recommendations: For TensorFlow versions prior to 2.5.0, update to version 2.5.0 or later. For TensorFlow version 2.4.2, update to a version that includes the cherrypicked commit. For TensorFlow version 2.3.3, update to a version that includes the cherrypicked commit. As a temporary workaround, consider restricting the use of the RaggedBincount op with untrusted input until a patch is available.
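The kind of check that closes this class of bug, as an added example (not TensorFlow's code or the upstream patch): a stand-alone C per-row bincount that rejects a malformed splits vector before the row-advancing loop runs. The function names, the row-major output layout and the choice to skip out-of-range values are assumptions made for this illustration; the sample arrays are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* 1 if splits is a well-formed row-splits vector for num_values values:
 * starts at 0, never decreases, ends at num_values. */
int splits_valid(const int64_t *splits, size_t num_splits, int64_t num_values) {
    if (splits == NULL || num_splits < 1 || num_values < 0) return 0;
    if (splits[0] != 0) return 0;              /* the splits(0) case from the description */
    for (size_t i = 1; i < num_splits; ++i)
        if (splits[i] < splits[i - 1]) return 0;
    return splits[num_splits - 1] == num_values;
}

/* Counts values per row into out (num_rows x num_bins, row-major, zeroed by
 * the caller). Returns 0 on success, -1 if the input is rejected. */
int ragged_bincount(const int64_t *splits, size_t num_splits,
                    const int32_t *values, int64_t num_values,
                    int64_t *out, size_t num_bins) {
    if (out == NULL || (num_values > 0 && values == NULL)) return -1;
    if (!splits_valid(splits, num_splits, num_values)) return -1;
    size_t row = 0;
    for (int64_t idx = 0; idx < num_values; ++idx) {
        /* Validation guarantees splits[last] == num_values > idx, so this
         * loop stops before row + 1 leaves the splits buffer, and row is
         * always a valid output row index. */
        while (idx >= splits[row + 1]) ++row;
        int32_t v = values[idx];
        if (v < 0 || (size_t)v >= num_bins) continue;  /* assumption: skip out-of-range */
        out[row * num_bins + (size_t)v] += 1;
    }
    return 0;
}

int main(void) {
    /* Constructed input: two rows, [1,1] and [0,2,2]. */
    int64_t splits[] = {0, 2, 5};
    int64_t bad[] = {7, 2, 5};                 /* splits[0] != 0: rejected */
    int32_t values[] = {1, 1, 0, 2, 2};
    int64_t out[6] = {0};
    printf("valid: %d\n", ragged_bincount(splits, 3, values, 5, out, 3));
    printf("malformed: %d\n", ragged_bincount(bad, 3, values, 5, out, 3));
    return 0;
}
```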

Exploit

Fix

Memory Corruption


Weakness Enumeration

Related Identifiers

BIT-TENSORFLOW-2021-29514
CVE-2021-29514
GHSA-8H46-5M9H-7553
PYSEC-2021-151
PYSEC-2021-442
PYSEC-2021-640

Affected Products

Tensorflow