CVE-2021-29534

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.0 TensorFlow versions 2.4.2 and earlier TensorFlow versions 2.3.3 and earlier TensorFlow versions 2.2.3 and earlier TensorFlow versions 2.1.4 and earlier

Description: An attacker can trigger a denial of service via a CHECK-fail in tf.raw ops.SparseConcat. This occurs because the implementation takes the values specified in shapes[0] as dimensions for the output shape. The TensorShape constructor uses a CHECK operation which triggers when InitDims returns a non-OK status, typically due to overflow when adding a dimension from the argument. This is a legacy implementation of the constructor, and operations should use BuildTensorShapeBase or AddDimWithStatus to prevent CHECK-failures in the presence of overflows.

Recommendations: For versions prior to 2.5.0, update to TensorFlow 2.5.0 or later. For versions 2.4.2 and earlier, update to TensorFlow 2.4.2 or later. For versions 2.3.3 and earlier, update to TensorFlow 2.3.3 or later. For versions 2.2.3 and earlier, update to TensorFlow 2.2.3 or later. For versions 2.1.4 and earlier, update to TensorFlow 2.1.4 or later. As a temporary workaround, consider avoiding the use of tf.raw ops.SparseConcat with large input shapes until a patch is available.