CVE-2021-29584

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.5.0 TensorFlow version 2.4.2 TensorFlow version 2.3.3 TensorFlow version 2.2.3 TensorFlow version 2.1.4

Description An attacker can trigger a denial of service via a CHECK-fail caused by an integer overflow in constructing a new tensor shape. This occurs because the implementation builds a dense shape without checking that the dimensions would not result in overflow. The TensorShape constructor uses a CHECK operation which triggers when InitDims returns a non-OK status. This is a legacy implementation of the constructor and operations should use BuildTensorShapeBase or AddDimWithStatus to prevent CHECK-failures in the presence of overflows.

Recommendations Update to TensorFlow 2.5.0 or later to resolve the issue. For versions 2.4.2, 2.3.3, 2.2.3, and 2.1.4, apply the cherrypicked commit to fix the issue. As a temporary workaround, consider using BuildTensorShapeBase or AddDimWithStatus to prevent CHECK-failures in the presence of overflows. Restrict access to the TensorShape constructor to minimize the risk of exploitation.