PT-2021-18319 · Google · Tensorflow

Yakun Zhang +1 · Published 2021-05-14 · Updated 2024-03-06 · CVE-2021-29568

CVSS v3.1: 7.8 High
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

TensorFlow versions prior to 2.5.0
TensorFlow versions 2.4.2 and earlier
TensorFlow versions 2.3.3 and earlier
TensorFlow versions 2.2.3 and earlier
TensorFlow versions 2.1.4 and earlier

Description

An attacker can trigger undefined behavior by binding to a null pointer in tf.raw_ops.ParameterizedTruncatedNormal. This occurs because the implementation does not validate input arguments before accessing the first element of shape. If the shape argument is empty, then shape_tensor.flat<T>() is an empty array.

Recommendations

For TensorFlow versions prior to 2.5.0, update to version 2.5.0 or later.
For TensorFlow version 2.4.2, update to version 2.4.2 or later with the cherry-picked commit.
For TensorFlow version 2.3.3, update to version 2.3.3 or later with the cherry-picked commit.
For TensorFlow version 2.2.3, update to version 2.2.3 or later with the cherry-picked commit.
For TensorFlow version 2.1.4, update to version 2.1.4 or later with the cherry-picked commit.

As a temporary workaround, consider validating the shape argument before passing it to tf.raw_ops.ParameterizedTruncatedNormal to prevent undefined behavior.
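
The temporary workaround above (validating the shape argument before the call), as an added example that is not part of the original advisory or of TensorFlow's code. The names validate_shape_arg, InvalidShapeError and safe_parameterized_truncated_normal are hypothetical, and rejecting non-integer or negative entries is an extra assumption beyond the empty-shape case the advisory describes.

```python
# Added example: pre-call validation of `shape` (all names here are hypothetical).
import numbers


class InvalidShapeError(ValueError):
    """Raised when `shape` is not safe to hand to the op."""


def validate_shape_arg(shape):
    """Return `shape` as a list of ints, or raise InvalidShapeError.

    Rejects the empty shape described in the advisory, plus (as an added
    assumption) non-1-D values, non-integer entries and negative dimensions.
    """
    # Eager tensors expose numpy(); numpy arrays expose tolist().
    if hasattr(shape, "numpy"):
        shape = shape.numpy()
    if hasattr(shape, "tolist"):
        shape = shape.tolist()
    if not isinstance(shape, (list, tuple)):
        raise InvalidShapeError("shape must be a 1-D sequence of integers")
    if len(shape) == 0:
        raise InvalidShapeError("shape must not be empty")
    dims = []
    for d in shape:
        # bool is an int subclass; reject it along with floats and nested lists.
        if isinstance(d, bool) or not isinstance(d, numbers.Integral):
            raise InvalidShapeError(f"shape entries must be integers, got {d!r}")
        if d < 0:
            raise InvalidShapeError(f"shape entries must be non-negative, got {d}")
        dims.append(int(d))
    return dims


def safe_parameterized_truncated_normal(shape, means, stdevs, minvals, maxvals,
                                        **kwargs):
    """Validate `shape` first, then invoke the real op."""
    dims = validate_shape_arg(shape)
    import tensorflow as tf  # imported lazily; only needed for the actual call
    return tf.raw_ops.ParameterizedTruncatedNormal(
        shape=dims, means=means, stdevs=stdevs,
        minvals=minvals, maxvals=maxvals, **kwargs)
```

The wrapper is a stopgap for callers that pass untrusted or computed shapes; it does not replace updating to a fixed release.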

Exploit

Fix

Weakness Enumeration

Access of Uninitialized Pointer
NULL Pointer Dereference

Related Identifiers

BIT-TENSORFLOW-2021-29568
CVE-2021-29568
GHSA-4P4P-WWW8-8FV9
PYSEC-2021-205
PYSEC-2021-496
PYSEC-2021-694

Affected Products

Tensorflow