PT-2021-18303 · Google · Tensorflow

Yakun Zhang +1 · Published 2021-05-14 · Updated 2024-03-06 · CVE-2021-29552

CVSS v3.1: 5.5 Medium
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

TensorFlow versions prior to 2.5.0
TensorFlow versions 2.4.2 and earlier
TensorFlow versions 2.3.3 and earlier
TensorFlow versions 2.2.3 and earlier
TensorFlow versions 2.1.4 and earlier

Description

An attacker can cause a denial of service by controlling the value of the num_segments tensor argument of UnsortedSegmentJoin. The implementation assumes that the num_segments tensor is a valid scalar. If the tensor is empty, the CHECK inside .scalar<T>()(), which verifies that the tensor has exactly one element, fails and the process is terminated.

Recommendations

For versions prior to 2.5.0, update to TensorFlow 2.5.0 or later. For versions 2.4.2 and earlier, update to TensorFlow 2.4.2 or later. For versions 2.3.3 and earlier, update to TensorFlow 2.3.3 or later. For versions 2.2.3 and earlier, update to TensorFlow 2.2.3 or later. For versions 2.1.4 and earlier, update to TensorFlow 2.1.4 or later. As a temporary workaround, consider restricting the use of the UnsortedSegmentJoin function with empty num_segments tensors until a patch is available.
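The failure mode in the description and the workaround in the recommendations, modelled as an added Python example that is not TensorFlow's code: the Tensor class, scalar(), ProcessAbort and the two unsorted_segment_join_* functions are constructed stand-ins for the kernel's .scalar<T>()() CHECK and for the shape validation a fix adds in front of it. The rejection message text and the use of a dims-equal-zero scalar test are assumptions about the fix, not quotes from it.

```python
# Added example (not TensorFlow's own code): a pure-Python model of how
# UnsortedSegmentJoin handles num_segments, contrasting "assume it is a
# scalar" with "check that it is a scalar before using it".
from dataclasses import dataclass
from math import prod
from typing import Any, List, Tuple


@dataclass
class Tensor:
    """Minimal stand-in for a TF tensor: a shape tuple plus flat element list."""
    shape: Tuple[int, ...]
    data: List[Any]

    def num_elements(self) -> int:
        return prod(self.shape)  # prod(()) == 1, so a true scalar has one element

    def is_scalar(self) -> bool:
        return self.shape == ()  # rank 0, the strict notion of "scalar"


class ProcessAbort(BaseException):
    """Models a failed CHECK: in the C++ kernel this terminates the whole
    process, so it is deliberately not an ordinary catchable Exception."""


def scalar(t: Tensor):
    """Models tensor.scalar<T>()(): a CHECK that exactly one element exists."""
    if t.num_elements() != 1:
        raise ProcessAbort("CHECK failed: NumElements() == 1 (got %d)" % t.num_elements())
    return t.data[0]


def join_segments(inputs: Tensor, segment_ids: Tensor, n: int, separator: str) -> List[str]:
    """Join the strings of each segment id into one output string per segment."""
    buckets: List[List[str]] = [[] for _ in range(n)]
    for value, sid in zip(inputs.data, segment_ids.data):
        if not 0 <= sid < n:
            raise ValueError("segment id %d out of range [0, %d)" % (sid, n))
        buckets[sid].append(value)
    return [separator.join(b) for b in buckets]


def unsorted_segment_join_unchecked(inputs, segment_ids, num_segments, separator=""):
    """Vulnerable pattern from the advisory: goes straight to scalar(), so an
    empty num_segments tensor trips the CHECK and aborts the process."""
    n = scalar(num_segments)
    return join_segments(inputs, segment_ids, n, separator)


def unsorted_segment_join_checked(inputs, segment_ids, num_segments, separator=""):
    """Hardened pattern: validate the shape first and fail with a recoverable
    invalid-argument error (message text is an assumption, not TF's)."""
    if not num_segments.is_scalar():
        raise ValueError("num_segments should be a scalar, not shape %r" % (num_segments.shape,))
    n = scalar(num_segments)
    if n < 0:
        raise ValueError("num_segments must be non-negative, got %d" % n)
    return join_segments(inputs, segment_ids, n, separator)


def outcome(fn, num_segments: Tensor) -> str:
    """Run fn on fixed constructed inputs and report how the call ended."""
    inputs = Tensor((3,), ["a", "b", "c"])        # constructed sample input
    segment_ids = Tensor((3,), [0, 1, 0])         # constructed sample input
    try:
        return "ok:" + ",".join(fn(inputs, segment_ids, num_segments, separator="-"))
    except ValueError as err:
        return "invalid_argument:" + str(err)
    except ProcessAbort:
        return "process_aborted"


if __name__ == "__main__":
    cases = {
        "scalar 2": Tensor((), [2]),      # well-formed
        "empty": Tensor((0,), []),        # the advisory's trigger
        "shape (1,)": Tensor((1,), [2]),  # one element but not rank 0
    }
    for fn in (unsorted_segment_join_unchecked, unsorted_segment_join_checked):
        for label, t in cases.items():
            print("%-32s %-12s %s" % (fn.__name__, label, outcome(fn, t)))
```

The shape (1,) case shows why the check must be on rank rather than on element count: a one-element vector passes the CHECK in the unchecked version and silently behaves like a scalar, while the strict is_scalar() test rejects it with an error the caller can handle.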

Exploit

Fix

Assertion Failure

Weakness Enumeration

Related Identifiers

BIT-TENSORFLOW-2021-29552
CVE-2021-29552
GHSA-JHQ9-WM9M-CF89
PYSEC-2021-189
PYSEC-2021-480
PYSEC-2021-678

Affected Products

Tensorflow