CVE-2021-29556

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.5.0 TensorFlow version 2.4.2 TensorFlow version 2.3.3 TensorFlow version 2.2.3 TensorFlow version 2.1.4

Description An attacker can cause a denial of service via a FPE runtime error in tf.raw ops.Reverse. This is because the implementation performs a division based on the first dimension of the tensor argument. The issue can be triggered by controlling the first dimension of the tensor argument, allowing an attacker to cause a denial of service.

Recommendations For TensorFlow versions prior to 2.5.0, update to version 2.5.0 or later. For TensorFlow version 2.4.2, apply the patch from GitHub commit 4071d8e2f6c45c1955a811fee757ca2adbe462c1. For TensorFlow version 2.3.3, apply the patch from GitHub commit 4071d8e2f6c45c1955a811fee757ca2adbe462c1. For TensorFlow version 2.2.3, apply the patch from GitHub commit 4071d8e2f6c45c1955a811fee757ca2adbe462c1. For TensorFlow version 2.1.4, apply the patch from GitHub commit 4071d8e2f6c45c1955a811fee757ca2adbe462c1. As a temporary workaround, consider avoiding the use of tf.raw ops.Reverse until a patch is applied.