PT-2021-21759 · Google · Tensorflow

Published 2021-08-12 · Updated 2024-03-06 · CVE-2021-37644

CVSS v4.0: 5.7 (Medium)

Vector: AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

TensorFlow versions prior to 2.6.0
TensorFlow version 2.5.1
TensorFlow version 2.4.3
TensorFlow version 2.3.4

Description

The issue arises when a negative element is provided to the num_elements list argument of tf.raw_ops.TensorListReserve, causing the runtime to abort the process due to reallocating a std::vector to have a negative number of elements. This occurs because the implementation calls std::vector.resize() with the new size controlled by input given by the user, without checking that this input is valid.

Recommendations

For TensorFlow versions prior to 2.6.0, update to version 2.6.0 or later. For TensorFlow version 2.5.1, apply the patch from GitHub commit 8a6e874437670045e6c7dc6154c7412b4a2135e2. For TensorFlow version 2.4.3, apply the patch from GitHub commit 8a6e874437670045e6c7dc6154c7412b4a2135e2. For TensorFlow version 2.3.4, apply the patch from GitHub commit 8a6e874437670045e6c7dc6154c7412b4a2135e2. As a temporary workaround, consider avoiding the use of negative elements in the num_elements list argument of tf.raw_ops.TensorListReserve until a patch is applied.
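
The unchecked resize from the Description, next to a validated form, as an added example that is not TensorFlow's code or the referenced patch. ReservedList, Status, ReserveUnchecked and ReserveChecked are hypothetical names, and the list holds plain ints instead of tensors.

```cpp
#include <cstddef>
#include <cstdint>
#include <exception>
#include <string>
#include <vector>

// Hypothetical stand-ins (not TensorFlow types): a list of element slots and
// a status value playing the role of an invalid-argument error.
struct ReservedList {
  std::vector<int> slots;
};
struct Status {
  bool ok;
  std::string message;
};

// Unchecked pattern from the description: the caller's signed count reaches
// resize() as-is. A negative value converts to a size_t above max_size(), so
// resize() throws; with nothing handling that, the process terminates.
// The catch below exists only so this demo can report the failure.
Status ReserveUnchecked(ReservedList* list, int32_t num_elements) {
  try {
    list->slots.resize(static_cast<std::size_t>(num_elements));
  } catch (const std::exception& e) {
    return {false, std::string("resize failed: ") + e.what()};
  }
  return {true, ""};
}

// Hardened pattern: reject a negative count before any allocation happens and
// hand the caller an error instead of letting the runtime abort.
Status ReserveChecked(ReservedList* list, int32_t num_elements) {
  if (num_elements < 0) {
    return {false, "num_elements must be non-negative, got " +
                       std::to_string(num_elements)};
  }
  list->slots.resize(static_cast<std::size_t>(num_elements));
  return {true, ""};
}
```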

Fix

Assertion Failure

Weakness Enumeration

Related Identifiers

BIT-TENSORFLOW-2021-37644
CVE-2021-37644
GHSA-27J5-4P9V-PP67
OPENSUSE-SU-2022:10014-1
OPENSUSE-SU-2024:12116-1
PYSEC-2021-266
PYSEC-2021-557
PYSEC-2021-755

Affected Products

Tensorflow