PT-2021-18326 · Google · Tensorflow

Yakun Zhang +1 · Published 2021-05-14 · Updated 2024-03-06 · CVE-2021-29575

CVSS v3.1: 5.5 Medium
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

TensorFlow versions prior to 2.5.0
TensorFlow versions 2.4.2 and earlier
TensorFlow versions 2.3.3 and earlier
TensorFlow versions 2.2.3 and earlier
TensorFlow versions 2.1.4 and earlier

Description

The implementation of tf.raw_ops.ReverseSequence allows for stack overflow and/or CHECK-fail based denial of service. The implementation fails to validate that the seq_dim and batch_dim arguments are valid. Negative values for seq_dim can result in stack overflow or CHECK-failure, depending on the version of Eigen code used to implement the operation. Similar behavior can be exhibited by invalid values of batch_dim.

Recommendations

For versions prior to 2.5.0, update to TensorFlow 2.5.0 or later.
For versions 2.4.2 and earlier, update to TensorFlow 2.4.2 or later.
For versions 2.3.3 and earlier, update to TensorFlow 2.3.3 or later.
For versions 2.2.3 and earlier, update to TensorFlow 2.2.3 or later.
For versions 2.1.4 and earlier, update to TensorFlow 2.1.4 or later.

As a temporary workaround, consider validating the seq_dim and batch_dim arguments before passing them to tf.raw_ops.ReverseSequence to prevent stack overflow or CHECK-failure.
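
One way to implement the workaround above, as an added example that is not part of the advisory or of TensorFlow: the helper names validate_reverse_sequence_args and rejected are hypothetical, and the sample shape and lengths are constructed. It goes beyond the two arguments the advisory names by also checking seq_lengths against the op's documented shape constraints, and it needs only the static input shape, so it runs without TensorFlow installed.

```python
from numbers import Integral


def validate_reverse_sequence_args(input_shape, seq_lengths, seq_dim, batch_dim=0):
    """Return (seq_dim, batch_dim) if safe to pass on, else raise ValueError.

    input_shape: static shape of the input tensor, e.g. tuple(x.shape).
    seq_lengths: per-batch lengths as a plain sequence of ints.
    """
    rank = len(input_shape)
    for name, dim in (("seq_dim", seq_dim), ("batch_dim", batch_dim)):
        # bool is a subclass of int, so reject it explicitly.
        if isinstance(dim, bool) or not isinstance(dim, Integral):
            raise ValueError(f"{name} must be an integer, got {dim!r}")
        # Negative values are the trigger described in the advisory.
        if dim < 0:
            raise ValueError(f"{name} must be >= 0, got {dim}")
        if dim >= rank:
            raise ValueError(f"{name}={dim} is out of range for rank {rank}")
        if input_shape[dim] is None:
            raise ValueError(f"{name}={dim} refers to a dimension of unknown size")
    if seq_dim == batch_dim:
        raise ValueError(f"seq_dim and batch_dim must differ, both are {seq_dim}")
    if len(seq_lengths) != input_shape[batch_dim]:
        raise ValueError("seq_lengths must have one entry per batch element")
    for i, n in enumerate(seq_lengths):
        if not 0 <= n <= input_shape[seq_dim]:
            raise ValueError(f"seq_lengths[{i}]={n} exceeds dimension seq_dim")
    return int(seq_dim), int(batch_dim)


def rejected(*args, **kwargs):
    """True if the validator refuses the arguments, False if it accepts them."""
    try:
        validate_reverse_sequence_args(*args, **kwargs)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    shape, lengths = (4, 8, 3), [8, 2, 0, 5]  # constructed sample input
    s, b = validate_reverse_sequence_args(shape, lengths, seq_dim=1)
    # Only now call the op:
    # tf.raw_ops.ReverseSequence(input=x, seq_lengths=lengths, seq_dim=s, batch_dim=b)
    print("accepted:", (s, b))
    print("seq_dim=-1 rejected:", rejected(shape, lengths, seq_dim=-1))
    print("batch_dim=-2 rejected:", rejected(shape, lengths, seq_dim=1, batch_dim=-2))
```
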

Exploit

Fix

Buffer Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

BIT-TENSORFLOW-2021-29575
CVE-2021-29575
GHSA-6QGM-FV6V-RFPV
PYSEC-2021-212
PYSEC-2021-503
PYSEC-2021-701

Affected Products

Tensorflow