CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
EPSS
Percentile
17.8%
TensorFlow is an end-to-end open source platform for machine learning. If the splits
argument of RaggedBincount
does not specify a valid SparseTensor
(https://www.tensorflow.org/api_docs/python/tf/sparse/SparseTensor), then an attacker can trigger a heap buffer overflow. This will cause a read from outside the bounds of the splits
tensor buffer in the implementation of the RaggedBincount
op(https://github.com/tensorflow/tensorflow/blob/8b677d79167799f71c42fd3fa074476e0295413a/tensorflow/core/kernels/bincount_op.cc#L430-L433). Before the for
loop, batch_idx
is set to 0. The user controls the splits
array, making it contain only one element, 0. Thus, the code in the while
loop would increment batch_idx
and then try to read splits(1)
, which is outside of bounds. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2 and TensorFlow 2.3.3, as these are also affected.
[
{
"product": "tensorflow",
"vendor": "tensorflow",
"versions": [
{
"status": "affected",
"version": ">=2.3.0, < 2.3.3"
},
{
"status": "affected",
"version": ">= 2.4.0, < 2.4.2"
}
]
}
]