CVE-2021-37647

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.6.0 TensorFlow version 2.5.1 TensorFlow version 2.4.3 TensorFlow version 2.3.4

Description The issue arises when a user does not supply arguments that determine a valid sparse tensor, causing the tf.raw ops.SparseTensorSliceDataset implementation to dereference a null pointer. This occurs when either indices or values are provided for an empty sparse tensor when the other is not. Specifically, if indices is empty, the code that performs validation results in a null pointer dereference. The indices in the C++ code is backed by an empty std::vector, and calling indices->dim size(0) results in null pointer dereferencing.

Recommendations For TensorFlow versions prior to 2.6.0, update to TensorFlow 2.6.0 or later to resolve the issue. For TensorFlow version 2.5.1, apply the patch from GitHub commit 02cc160e29d20631de3859c6653184e3f876b9d7 or update to a later version. For TensorFlow version 2.4.3, apply the patch from GitHub commit 02cc160e29d20631de3859c6653184e3f876b9d7 or update to a later version. For TensorFlow version 2.3.4, apply the patch from GitHub commit 02cc160e29d20631de3859c6653184e3f876b9d7 or update to a later version. As a temporary workaround, consider validating user-supplied indices and values to ensure they determine a valid sparse tensor before passing them to tf.raw ops.SparseTensorSliceDataset.