CVE-2021-29516

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.0 TensorFlow version 2.4.2 TensorFlow version 2.3.3 TensorFlow version 2.2.3 TensorFlow version 2.1.4

Description: Calling tf.raw ops.RaggedTensorToVariant with arguments specifying an invalid ragged tensor results in a null pointer dereference. The implementation of RaggedTensorToVariant operations does not validate that the ragged tensor argument is non-empty. Since batched ragged contains no elements, batched ragged.splits is a null vector, thus batched ragged.splits(0) will result in dereferencing nullptr.

Recommendations: For TensorFlow versions prior to 2.5.0, update to version 2.5.0 or later. For TensorFlow version 2.4.2, apply the cherrypicked commit or update to a later version. For TensorFlow version 2.3.3, apply the cherrypicked commit or update to a later version. For TensorFlow version 2.2.3, apply the cherrypicked commit or update to a later version. For TensorFlow version 2.1.4, apply the cherrypicked commit or update to a later version. As a temporary workaround, consider avoiding the use of tf.raw ops.RaggedTensorToVariant with invalid ragged tensors until a patch is available.