CVE-2021-29559

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.5.0 TensorFlow versions 2.4.2, 2.3.3, 2.2.3, and 2.1.4 are also affected

Description An attacker can access data outside of bounds of heap allocated array in tf.raw ops.UnicodeEncode. This is because the implementation assumes that the input value/input splits pair specify a valid sparse tensor.

Recommendations For TensorFlow versions prior to 2.5.0, update to version 2.5.0 or later. For TensorFlow version 2.4.2, update to a newer version that includes the fix. For TensorFlow version 2.3.3, update to a newer version that includes the fix. For TensorFlow version 2.2.3, update to a newer version that includes the fix. For TensorFlow version 2.1.4, update to a newer version that includes the fix. As a temporary workaround, consider restricting the use of the tf.raw ops.UnicodeEncode function until a patch is available.