PT-2021-18272 · Google · Tensorflow

Yakun Zhang +1 · Published 2021-05-14 · Updated 2024-03-06 · CVE-2021-29521

CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
TensorFlow versions prior to 2.5.0
TensorFlow versions 2.4.1 and earlier
TensorFlow versions 2.3.2 and earlier
Description: Specifying a negative dense shape in tf.raw_ops.SparseCountSparseOutput results in a segmentation fault raised from within the standard library, because std::vector invariants are broken. The implementation assumes the first element of the dense shape is always positive and uses it to initialize a BatchedMap<T> data structure. Ensuring that the dense shape argument is a valid tensor shape solves this issue.
Recommendations: For TensorFlow versions prior to 2.5.0, update to TensorFlow 2.5.0 or later to resolve the issue. For TensorFlow versions 2.4.1 and earlier, update to TensorFlow 2.4.2 or later to resolve the issue. For TensorFlow versions 2.3.2 and earlier, update to TensorFlow 2.3.3 or later to resolve the issue. As a temporary workaround, ensure that the dense shape argument is a valid tensor shape, with all elements being non-negative, to prevent the segmentation fault.
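
A caller-side guard for the temporary workaround, as an added example that is not taken from the advisory or from TensorFlow. The names check_sparse_components, is_safe_to_call and InvalidSparseInput are hypothetical, and the rank and index-bounds checks are extra sanity checks beyond the non-negative rule the advisory states.

```python
# Added example (not TensorFlow code): validate sparse-tensor components
# before they are handed to tf.raw_ops.SparseCountSparseOutput.
# Pure Python, so it runs without TensorFlow installed.
from numbers import Integral


class InvalidSparseInput(ValueError):
    """Raised when the components would not form a valid sparse tensor."""


def check_sparse_components(indices, values, dense_shape):
    """Return dense_shape as a tuple of ints, or raise InvalidSparseInput."""
    shape = tuple(dense_shape)
    if not shape:
        raise InvalidSparseInput("dense_shape must have at least one dimension")
    for axis, dim in enumerate(shape):
        # bool is an Integral subclass; reject it explicitly.
        if isinstance(dim, bool) or not isinstance(dim, Integral):
            raise InvalidSparseInput(f"dense_shape[{axis}] is not an integer: {dim!r}")
        if dim < 0:
            # The condition described in the advisory: a negative dimension.
            raise InvalidSparseInput(f"dense_shape[{axis}] is negative: {dim}")
    # Extra checks (assumption: indices is a list of per-element coordinates).
    if len(indices) != len(values):
        raise InvalidSparseInput("indices and values differ in length")
    for row, index in enumerate(indices):
        if len(index) != len(shape):
            raise InvalidSparseInput(
                f"indices[{row}] has rank {len(index)}, expected {len(shape)}")
        for axis, (i, dim) in enumerate(zip(index, shape)):
            if not 0 <= i < dim:
                raise InvalidSparseInput(
                    f"indices[{row}][{axis}]={i} is outside [0, {dim})")
    return tuple(int(d) for d in shape)


def is_safe_to_call(indices, values, dense_shape):
    """Boolean wrapper for request handlers that should reject, not raise."""
    try:
        check_sparse_components(indices, values, dense_shape)
    except (InvalidSparseInput, TypeError):
        return False
    return True
```

Run the check on any shape that originates from untrusted input, and call the op only when it passes.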

Related Identifiers

BIT-TENSORFLOW-2021-29521
CVE-2021-29521
GHSA-HR84-FQVP-48MM
PYSEC-2021-158
PYSEC-2021-449
PYSEC-2021-647

Affected Products

Tensorflow