We use cookies to improve your experience on our site.
AVID-2026-R0779
Description
Overflow/denial of service in tf.raw_ops.ReverseSequence (CVE-2021-29575)
Details
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.raw_ops.ReverseSequence allows for stack overflow and/or CHECK-fail based denial of service. The implementation(https://github.com/tensorflow/tensorflow/blob/5b3b071975e01f0d250c928b2a8f901cd53b90a7/tensorflow/core/kernels/reverse_sequence_op.cc#L114-L118) fails to validate that seq_dim and batch_dim arguments are valid. Negative values for seq_dim can result in stack overflow or CHECK-failure, depending on the version of Eigen code used to implement the operation. Similar behavior can be exhibited by invalid values of batch_dim. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
Reason for inclusion in AVID: This CVE describes a vulnerability in TensorFlow’s ReverseSequence operation that can cause stack overflow or denial of service due to improper validation of seq_dim/batch_dim. TensorFlow is a core ML framework used to build/train/deploy AI systems; the issue affects multiple versions and is intended to be fixed in subsequent releases, indicating a software supply-chain risk in a component commonly used in AI pipelines. The report provides explicit CVE references, a detailed description of the vulnerability, affected versions, and a commit/fix reference, giving sufficient signal for curation.
References
- NVD entry
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6qgm-fv6v-rfpv
- https://github.com/tensorflow/tensorflow/commit/ecf768cbe50cedc0a45ce1ee223146a3d3d26d23
Affected or Relevant Artifacts
- Developer: tensorflow
- Deployer: tensorflow
- Artifact Details:
| Type | Name |
|---|---|
| System | tensorflow |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
CVSS
| Version | 3.1 |
| Vector String | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L |
| Base Score | 2.5 |
| Base Severity | 🟢 Low |
| Attack Vector | LOCAL |
| Attack Complexity | 🔴 High |
| Privileges Required | 🟢 Low |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | NONE |
| Integrity Impact | NONE |
| Availability Impact | 🟢 Low |
CWE
| ID | Description |
|---|---|
| CWE-119 | CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer |
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2021-05-14
- Version: 0.3.3
- AVID Entry