AVID-2026-R0764

Description

Heap OOB access in unicode ops (CVE-2021-29559)

Details

TensorFlow is an end-to-end open source platform for machine learning. An attacker can access data outside of bounds of heap allocated array in tf.raw_ops.UnicodeEncode. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/472c1f12ad9063405737679d4f6bd43094e1d36d/tensorflow/core/kernels/unicode_ops.cc) assumes that the input_value/input_splits pair specify a valid sparse tensor. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.

Reason for inclusion in AVID: CVE-2021-29559 describes a heap-out-of-bounds read in TensorFlow’s UnicodeEncode operation, a vulnerability in a core AI framework. TensorFlow is a widely used component in AI model development, training, serving, and deployment pipelines, making this relevant to the software supply chain of general-purpose AI systems. The issue is a CVE-style security vulnerability with public advisories and fixes, and the report provides sufficient evidence (CVE entry, GitHub advisory, commit).

References

• NVD entry
• https://github.com/tensorflow/tensorflow/security/advisories/GHSA-59q2-x2qc-4c97
• https://github.com/tensorflow/tensorflow/commit/51300ba1cc2f487aefec6e6631fef03b0e08b298

Affected or Relevant Artifacts

• Developer: tensorflow
• Deployer: tensorflow
• Artifact Details:

Impact

AVID Taxonomy Categorization

• Risk domains: Security
• SEP subcategories: S0100: Software Vulnerability
• Lifecycle stages: L06: Deployment

CVSS

CWE

Other information

• Report Type: Advisory
• Credits:
• Date Reported: 2021-05-14
• Version: 0.3.3
• AVID Entry