CVE-2021-29565

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.5.0 TensorFlow versions 2.4.2 and earlier TensorFlow versions 2.3.3 and earlier TensorFlow versions 2.2.3 and earlier TensorFlow versions 2.1.4 and earlier

Description An attacker can trigger a null pointer dereference in the implementation of tf.raw ops.SparseFillEmptyRows. This is because of missing validation that was covered under a TODO. If the dense shape tensor is empty, then dense shape t.vec<>() would cause a null pointer dereference in the implementation of the op.

Recommendations For TensorFlow versions prior to 2.5.0, update to version 2.5.0 or later. For TensorFlow versions 2.4.2 and earlier, update to version 2.4.2 or later. For TensorFlow versions 2.3.3 and earlier, update to version 2.3.3 or later. For TensorFlow versions 2.2.3 and earlier, update to version 2.2.3 or later. For TensorFlow versions 2.1.4 and earlier, update to version 2.1.4 or later. As a temporary workaround, consider avoiding the use of the tf.raw ops.SparseFillEmptyRows operation with an empty dense shape tensor until a patch is available.