PT-2021-18369 · Google · Tensorflow

Mihaimaruseac · Published 2021-05-14 · Updated 2024-03-06 · CVE-2021-29618

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

TensorFlow versions 2.1.4 through 2.4.2. TensorFlow version 2.5.0 is not affected, as it includes the fix.

Description

Passing a complex argument to tf.transpose together with conjugate=True results in a crash. The issue arises when tf.transpose is called with conjugate=True and a complex value for a, for example tf.transpose(conjugate=True, a=complex(1)).

Recommendations

For TensorFlow versions 2.1.4, 2.2.3, 2.3.3, and 2.4.2, update to the respective version with the cherry-picked commit to resolve the issue. For versions prior to 2.1.4, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, avoid using conjugate=True with complex arguments in the tf.transpose function until a patch is available.
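One way to enforce the temporary workaround at call sites is sketched below. It is an added example, not code from the advisory or from TensorFlow; guarded_transpose, is_complex_input, version_tuple and FIXED_IN are hypothetical names. It assumes every runtime older than 2.5.0 should be treated as affected.

```python
"""Call-site guard for the tf.transpose workaround (CVE-2021-29618). Added example."""

FIXED_IN = (2, 5, 0)  # the advisory states that 2.5.0 includes the fix


def version_tuple(version):
    """'2.4.1' -> (2, 4, 1); any non-numeric suffix on a component is dropped."""
    parts = []
    for piece in version.split(".")[:3]:
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits or 0))
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def is_complex_input(a):
    """True for Python complex scalars, complex-dtype arrays/tensors, or nested lists of them."""
    if isinstance(a, complex):
        return True
    dtype = getattr(a, "dtype", None)
    if dtype is not None:
        # tf.DType exposes .is_complex; numpy dtypes use kind 'c' for complex.
        return bool(getattr(dtype, "is_complex", False)) or getattr(dtype, "kind", "") == "c"
    if isinstance(a, (list, tuple)):
        return any(is_complex_input(x) for x in a)
    return False


def guarded_transpose(a, perm=None, conjugate=False, *, transpose_fn=None, tf_version=None):
    """Refuse conjugate=True on complex input unless the runtime is >= 2.5.0.

    Assumption (not from the advisory): all versions below 2.5.0 are treated as affected.
    """
    if transpose_fn is None or tf_version is None:
        import tensorflow as tf  # lazy import so the guard can be tested without TensorFlow
        transpose_fn = transpose_fn or tf.transpose
        tf_version = tf_version or tf.__version__
    if conjugate and is_complex_input(a) and version_tuple(tf_version) < FIXED_IN:
        raise ValueError(
            "conjugate=True with complex input refused on TensorFlow %s (CVE-2021-29618)" % tf_version
        )
    return transpose_fn(a, perm=perm, conjugate=conjugate)
```

Raising a ValueError turns the process crash into an error the caller can catch, which matters for services that pass user-supplied values to tf.transpose.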

Exploit

Weakness Enumeration

Improper Handling of Exceptional Conditions

Related Identifiers

BIT-TENSORFLOW-2021-29618
CVE-2021-29618
GHSA-XQFJ-CR6Q-PC8W
PYSEC-2021-255
PYSEC-2021-546
PYSEC-2021-744

Affected Products

Tensorflow