PT-2021-18332 · Google · Tensorflow

Yakun Zhang +1 · Published 2021-05-14 · Updated 2024-03-06 · CVE-2021-29581

CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

TensorFlow versions prior to 2.5.0
TensorFlow versions 2.4.2 and earlier
TensorFlow versions 2.3.3 and earlier
TensorFlow versions 2.2.3 and earlier
TensorFlow versions 2.1.4 and earlier

Description

Due to a lack of validation in tf.raw_ops.CTCBeamSearchDecoder, an attacker can trigger a denial of service via a segmentation fault. The implementation fails to detect the case where the input tensor is empty and proceeds to read data from a null buffer.

Recommendations

For TensorFlow versions prior to 2.5.0, update to version 2.5.0 or later.
For TensorFlow versions 2.4.2 and earlier, update to version 2.4.2 or later.
For TensorFlow versions 2.3.3 and earlier, update to version 2.3.3 or later.
For TensorFlow versions 2.2.3 and earlier, update to version 2.2.3 or later.
For TensorFlow versions 2.1.4 and earlier, update to version 2.1.4 or later.
As a temporary workaround, consider disabling the tf.raw_ops.CTCBeamSearchDecoder function until a patch is available.
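The description attributes the crash to an empty input tensor that is never rejected before the op reads from its buffer. The following is an added example of the kind of caller-side pre-check a service could place in front of the decoder while it is still on an unpatched version; it is not code from the advisory or from TensorFlow. It models tensor shapes as plain Python lists so it runs without TensorFlow installed, and the layout it assumes for the inputs ([max_time, batch_size, num_classes] plus one sequence length per batch element), the function names and the exact set of checks are this example's own assumptions, not the upstream fix.

```python
"""Defensive pre-check for inputs handed to a CTC beam-search decode call.

Added example (not the advisory's or TensorFlow's code). Shapes are plain
lists of ints; no TensorFlow import is needed to run it.
"""
from typing import Callable, Dict, Sequence


class InvalidDecoderInput(ValueError):
    """Raised instead of passing an empty or inconsistent tensor to the op."""


def validate_ctc_decoder_inputs(inputs_shape: Sequence[int],
                                sequence_length: Sequence[int]) -> Dict[str, int]:
    """Reject inputs that would reach the decoder with nothing to read.

    inputs_shape    -- assumed [max_time, batch_size, num_classes]
    sequence_length -- assumed one entry per batch element, each <= max_time

    Returns the validated dimensions so the caller can log them.
    """
    if len(inputs_shape) != 3:
        raise InvalidDecoderInput(
            f"inputs must be rank 3, got rank {len(inputs_shape)}")
    max_time, batch_size, num_classes = inputs_shape
    # Root cause named in the advisory: an empty tensor is never checked and
    # the op goes on to read from a null buffer. Any zero dimension means the
    # tensor holds zero elements, so reject it here rather than inside the op.
    if any(dim <= 0 for dim in inputs_shape):
        raise InvalidDecoderInput(
            f"inputs tensor is empty or malformed (shape {list(inputs_shape)})")
    if len(sequence_length) != batch_size:
        raise InvalidDecoderInput(
            f"sequence_length has {len(sequence_length)} entries, "
            f"expected batch_size={batch_size}")
    for i, length in enumerate(sequence_length):
        if length < 0 or length > max_time:
            raise InvalidDecoderInput(
                f"sequence_length[{i}]={length} is outside [0, max_time={max_time}]")
    return {"max_time": max_time, "batch_size": batch_size,
            "num_classes": num_classes}


def is_decodable(inputs_shape: Sequence[int],
                 sequence_length: Sequence[int]) -> bool:
    """Boolean form of the check, convenient for request filtering or metrics."""
    try:
        validate_ctc_decoder_inputs(inputs_shape, sequence_length)
    except InvalidDecoderInput:
        return False
    return True


def safe_decode(inputs_shape: Sequence[int], sequence_length: Sequence[int],
                decoder: Callable[[Dict[str, int]], object]) -> object:
    """Run `decoder` only after validation.

    `decoder` is a hypothetical stand-in for the real op call; in a TensorFlow
    service it would wrap the actual tf.raw_ops.CTCBeamSearchDecoder invocation.
    """
    dims = validate_ctc_decoder_inputs(inputs_shape, sequence_length)
    return decoder(dims)


if __name__ == "__main__":
    # Constructed sample shapes: one well-formed request, one empty tensor.
    print(safe_decode([50, 2, 10], [50, 30], lambda d: f"decoded {d}"))
    print(is_decodable([0, 2, 10], [0, 0]))  # empty tensor is refused
```

The check runs on metadata only, so it costs nothing measurable per request and can be applied at the API boundary of any service that accepts caller-controlled tensor shapes; once the deployment is on a fixed version it can stay in place as defence in depth.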

Weakness Enumeration

Use of Uninitialized Resource

Related Identifiers

BIT-TENSORFLOW-2021-29581
CVE-2021-29581
GHSA-VQ2R-5XVM-3HC3
PYSEC-2021-218
PYSEC-2021-509
PYSEC-2021-707

Affected Products

Tensorflow