PT-2021-21786 · Google · Tensorflow

Published: 2021-08-12 · Updated: 2024-03-06 · CVE-2021-37669

CVSS v4.0: 6.8 (Medium)
Vector: AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions

TensorFlow versions prior to 2.6.0
TensorFlow versions 2.5.1 and earlier
TensorFlow versions 2.4.3 and earlier
TensorFlow versions 2.3.4 and earlier

Description

An attacker can cause denial of service in applications serving models using `tf.raw_ops.NonMaxSuppressionV5` by triggering a division by 0. The implementation uses a user-controlled argument to resize a `std::vector`. However, as `std::vector::resize` takes the size argument as a `size_t` and `output_size` is an `int`, there is an implicit conversion to unsigned. If the attacker supplies a negative value, this conversion results in a crash. A similar issue occurs in `CombinedNonMaxSuppression`.

Recommendations

For versions prior to 2.6.0, update to TensorFlow 2.6.0 or later. For versions 2.5.1 and earlier, update to TensorFlow 2.5.1 or later. For versions 2.4.3 and earlier, update to TensorFlow 2.4.3 or later. For versions 2.3.4 and earlier, update to TensorFlow 2.3.4 or later. As a temporary workaround, consider disabling the `tf.raw_ops.NonMaxSuppressionV5` function until a patch is available. Restrict access to the `CombinedNonMaxSuppression` function to minimize the risk of exploitation. Avoid using the `max_output_size` parameter with negative values in the affected API endpoint until the issue is resolved.
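The signed-to-unsigned conversion described above, reduced to a stand-alone C++ illustration. This is an added example, not TensorFlow's code: `resize_unchecked` reproduces the pattern of passing a user-supplied `int` straight to `std::vector::resize`, and `resize_checked` shows the defensive form that rejects negative values before the conversion can happen. In a real op kernel the exception escaping `resize` is uncaught and terminates the serving process; here `describe_unchecked` catches it only so the failure mode can be observed and tested. Function names and the error-message text are assumptions made for this example.

```cpp
#include <cstddef>
#include <iostream>
#include <new>
#include <stdexcept>
#include <string>
#include <vector>

// Vulnerable pattern (assumed simplification of the op's logic): output_size
// comes from a user-controlled input tensor as a signed int and is handed to
// std::vector::resize, whose parameter is size_t. A negative int silently
// converts to a value near SIZE_MAX, far above vector::max_size(), so the
// standard library throws std::length_error (or std::bad_alloc) instead of
// allocating. Returns the resulting size when the call succeeds.
std::size_t resize_unchecked(int output_size) {
    std::vector<int> selected;
    selected.resize(output_size);  // implicit int -> size_t conversion
    return selected.size();
}

// Hardened form: validate the signed value before it is converted.
// Returns true after resizing, or false with an error message when the
// argument is rejected. Mirrors the "check the argument before use" fix
// direction; the exact check in TensorFlow's patch is not reproduced here.
bool resize_checked(int output_size, std::vector<int>& selected, std::string& err) {
    if (output_size < 0) {
        err = "max_output_size must be non-negative, got " + std::to_string(output_size);
        return false;
    }
    selected.resize(static_cast<std::size_t>(output_size));
    return true;
}

// Makes the unchecked path's outcome observable without crashing the process:
// "ok:<n>" on success, or the name of the exception that escaped resize().
std::string describe_unchecked(int output_size) {
    try {
        return "ok:" + std::to_string(resize_unchecked(output_size));
    } catch (const std::length_error&) {
        return "length_error";
    } catch (const std::bad_alloc&) {
        return "bad_alloc";
    }
}

int main() {
    // Constructed sample inputs: a benign size and a negative one.
    for (int size : {3, -1}) {
        std::cout << "unchecked(" << size << "): " << describe_unchecked(size) << "\n";
        std::vector<int> out;
        std::string err;
        bool ok = resize_checked(size, out, err);
        std::cout << "checked(" << size << "): "
                  << (ok ? "size=" + std::to_string(out.size()) : "rejected: " + err) << "\n";
    }
    return 0;
}
```

The defensive check must compare the value while it is still signed; casting first and comparing against `max_size()` would also catch this case, but an explicit `output_size < 0` test states the intent and returns a controlled error rather than relying on exception behaviour of the allocator.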

Fix

Weakness Enumeration

Related Identifiers

BIT-TENSORFLOW-2021-37669
CVE-2021-37669
GHSA-VMJW-C2VP-P33C
OPENSUSE-SU-2022:10014-1
OPENSUSE-SU-2024:12116-1
PYSEC-2021-291
PYSEC-2021-582
PYSEC-2021-780

Affected Products

Tensorflow