AVID-2026-R0785

Description

Segfault in CTCBeamSearchDecoder (CVE-2021-29581)

Details

TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in tf.raw_ops.CTCBeamSearchDecoder, an attacker can trigger denial of service via segmentation faults. The implementation(https://github.com/tensorflow/tensorflow/blob/a74768f8e4efbda4def9f16ee7e13cf3922ac5f7/tensorflow/core/kernels/ctc_decoder_ops.cc#L68-L79) fails to detect cases when the input tensor is empty and proceeds to read data from a null buffer. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.

Reason for inclusion in AVID: CVE-2021-29581 describes a segfault vulnerability in TensorFlow’s CTCBeamSearchDecoder that can trigger a denial of service via a null buffer read when given an empty input. This vulnerability resides in a widely-used AI framework, directly affecting components used to build/run ML models and pipelines. It concerns software supply chains for general-purpose AI systems (TensorFlow, ML deployment and inference stacks) and is a formal CVE with described impact and fixes, providing sufficient signal for AVID curation.

References

• NVD entry
• https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vq2r-5xvm-3hc3
• https://github.com/tensorflow/tensorflow/commit/b1b323042264740c398140da32e93fb9c2c9f33e

Affected or Relevant Artifacts

• Developer: tensorflow
• Deployer: tensorflow
• Artifact Details:

Impact

AVID Taxonomy Categorization

• Risk domains: Security
• SEP subcategories: S0100: Software Vulnerability
• Lifecycle stages: L06: Deployment

CVSS

CWE

Other information

• Report Type: Advisory
• Credits:
• Date Reported: 2021-05-14
• Version: 0.3.3
• AVID Entry