Miggo Logo

CVE-2021-29536: Heap buffer overflow in `QuantizedReshape`

2.5

CVSS Score
3.1

Basic Information

EPSS Score
0.02934%
Published
5/21/2021
Updated
10/30/2024
KEV Status
No
Technology
TechnologyPython

Technical Details

CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
Package NameEcosystemVulnerable VersionsFirst Patched Version
tensorflowpip< 2.1.42.1.4
tensorflowpip>= 2.2.0, < 2.2.32.2.3
tensorflowpip>= 2.3.0, < 2.3.32.3.3
tensorflowpip>= 2.4.0, < 2.4.22.4.2
tensorflow-cpupip< 2.1.42.1.4
tensorflow-cpupip>= 2.2.0, < 2.2.32.2.3
tensorflow-cpupip>= 2.3.0, < 2.3.32.3.3
tensorflow-cpupip>= 2.4.0, < 2.4.22.4.2
tensorflow-gpupip< 2.1.42.1.4
tensorflow-gpupip>= 2.2.0, < 2.2.32.2.3
tensorflow-gpupip>= 2.3.0, < 2.3.32.3.3
tensorflow-gpupip>= 2.4.0, < 2.4.22.4.2

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from the unvalidated direct access to tensor elements in QuantizedReshapeOp's Compute method. The original implementation assumed inputs 2 and 3 (input_min/input_max) were valid scalars but didn't check tensor dimensions/sizes. The patch added explicit validation (OP_REQUIRES) for scalar/vector shape, confirming the vulnerability existed in the pre-patch version of this function.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Imp**t *n *tt**k*r **n **us* * ***p *u***r ov*r*low in `Qu*ntiz**R*s**p*` *y p*ssin* in inv*li* t*r*s*ol*s *or t** qu*ntiz*tion: ```pyt*on import t*nsor*low *s t* t*nsor = t*.*onst*nt([], *typ*=t*.qint**) s**p* = t*.*onst*nt([], *typ*=t*.int**)

Reasoning

T** vuln*r**ility st*ms *rom t** unv*li**t** *ir**t ****ss to t*nsor *l*m*nts in Qu*ntiz**R*s**p*Op's *omput* m*t*o*. T** ori*in*l impl*m*nt*tion *ssum** inputs * *n* * (input_min/input_m*x) w*r* v*li* s**l*rs *ut *i*n't ****k t*nsor *im*nsions/siz*s