PT-2021-18271 · Google · Tensorflow
Yakun Zhang +1 · Published 2021-05-14 · Updated 2024-03-06
CVE-2021-29520
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
TensorFlow versions prior to 2.5.0
TensorFlow version 2.4.2
TensorFlow version 2.3.3
TensorFlow version 2.2.3
TensorFlow version 2.1.4
Description:
Missing validation between arguments to `tf.raw_ops.Conv3DBackprop*` operations can result in heap buffer overflows. This occurs because the implementation assumes that the `input`, `filter_sizes`, and `out_backprop` tensors have the same shape, as they are accessed in parallel.
Recommendations:
For TensorFlow versions prior to 2.5.0, update to version 2.5.0 or later.
For TensorFlow version 2.4.2, apply the patch from GitHub commit 8f37b52e1320d8d72a9529b2468277791a261197.
For TensorFlow version 2.3.3, apply the patch from GitHub commit 8f37b52e1320d8d72a9529b2468277791a261197.
For TensorFlow version 2.2.3, apply the patch from GitHub commit 8f37b52e1320d8d72a9529b2468277791a261197.
For TensorFlow version 2.1.4, apply the patch from GitHub commit 8f37b52e1320d8d72a9529b2468277791a261197.
As a temporary workaround, consider disabling the `tf.raw_ops.Conv3DBackprop*` operations until a patch is available.
Exploit
Fix
Buffer Overflow
Memory Corruption
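The description above traces the overflow to shape agreement that the kernels assume but never check. The following is an added example, not TensorFlow code and not the upstream patch: a pre-call gate that rejects Conv3D backprop arguments whose shapes disagree. The function names are hypothetical, and it assumes the default NDHWC layout and a dilation of 1.

```python
import math

# Layout assumed (TensorFlow's default NDHWC for Conv3D):
#   input        [N, D, H, W, Cin]
#   filter       [fd, fh, fw, Cin, Cout]
#   out_backprop [N, od, oh, ow, Cout]

def expected_out_dim(in_dim, filt, stride, padding):
    """Output length of one spatial dimension (dilation 1 assumed)."""
    if padding == "SAME":
        return math.ceil(in_dim / stride)
    if padding == "VALID":
        return math.ceil((in_dim - filt + 1) / stride)
    raise ValueError(f"unknown padding {padding!r}")

def check_conv3d_backprop_shapes(input_shape, filter_shape, out_backprop_shape,
                                 strides=(1, 1, 1, 1, 1), padding="SAME"):
    """Hypothetical pre-call gate: return a list of problems, empty if consistent."""
    named = {"input": input_shape, "filter": filter_shape,
             "out_backprop": out_backprop_shape, "strides": strides}
    problems = []
    for name, dims in named.items():
        dims = list(dims)
        if len(dims) != 5:
            problems.append(f"{name}: expected 5 dimensions, got {len(dims)}")
        elif not all(isinstance(d, int) and d > 0 for d in dims):
            problems.append(f"{name}: every dimension must be a positive integer")
    if problems:
        return problems  # the cross-checks below index into all four lists

    if input_shape[0] != out_backprop_shape[0]:
        problems.append("batch size differs between input and out_backprop")
    if input_shape[4] != filter_shape[3]:
        problems.append("input channels differ between input and filter")
    if out_backprop_shape[4] != filter_shape[4]:
        problems.append("output channels differ between filter and out_backprop")
    for axis, label in ((1, "depth"), (2, "height"), (3, "width")):
        want = expected_out_dim(input_shape[axis], filter_shape[axis - 1],
                                strides[axis], padding)
        if out_backprop_shape[axis] != want:
            problems.append(f"out_backprop {label} is {out_backprop_shape[axis]}, "
                            f"expected {want}")
    return problems
```

Call it on the shapes of the tensors about to be passed to the op and refuse the call if the returned list is non-empty.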
Affected Products
Tensorflow