CVE-2021-29605

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.5.0 TensorFlow version 2.4.2 TensorFlow version 2.3.3 TensorFlow version 2.2.3 TensorFlow version 2.1.4

Description The TFLite code for allocating TFLiteIntArrays is vulnerable to an integer overflow issue. An attacker can craft a model such that the size multiplier is so large that the return value overflows the int datatype and becomes negative. This results in an invalid value being given to malloc. In this case, ret->size would dereference an invalid pointer.

Recommendations For TensorFlow versions prior to 2.5.0, update to version 2.5.0 or later. For TensorFlow version 2.4.2, apply the patch from GitHub commit 7c8cc4ec69cd348e44ad6a2699057ca88faad3e5. For TensorFlow version 2.3.3, apply the patch from GitHub commit 7c8cc4ec69cd348e44ad6a2699057ca88faad3e5. For TensorFlow version 2.2.3, apply the patch from GitHub commit 7c8cc4ec69cd348e44ad6a2699057ca88faad3e5. For TensorFlow version 2.1.4, apply the patch from GitHub commit 7c8cc4ec69cd348e44ad6a2699057ca88faad3e5. As a temporary workaround, consider restricting the use of the TfLiteIntArrayCreate function until a patch is available.