
CVE-2021-29575: Overflow/denial of service in `tf.raw_ops.ReverseSequence`

CVSS Score (v3.1): 2.5

Basic Information

EPSS Score: 0.19544%
Published: 5/21/2021
Updated: 11/1/2024
KEV Status: No
Technology: Python

Technical Details

CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| tensorflow | pip | < 2.1.4 | 2.1.4 |
| tensorflow | pip | >= 2.2.0, < 2.2.3 | 2.2.3 |
| tensorflow | pip | >= 2.3.0, < 2.3.3 | 2.3.3 |
| tensorflow | pip | >= 2.4.0, < 2.4.2 | 2.4.2 |
| tensorflow-cpu | pip | < 2.1.4 | 2.1.4 |
| tensorflow-cpu | pip | >= 2.2.0, < 2.2.3 | 2.2.3 |
| tensorflow-cpu | pip | >= 2.3.0, < 2.3.3 | 2.3.3 |
| tensorflow-cpu | pip | >= 2.4.0, < 2.4.2 | 2.4.2 |
| tensorflow-gpu | pip | < 2.1.4 | 2.1.4 |
| tensorflow-gpu | pip | >= 2.2.0, < 2.2.3 | 2.2.3 |
| tensorflow-gpu | pip | >= 2.3.0, < 2.3.3 | 2.3.3 |
| tensorflow-gpu | pip | >= 2.4.0, < 2.4.2 | 2.4.2 |

Vulnerability Intelligence

Root Cause Analysis

The vulnerability stems from missing validation in the ReverseSequenceOp constructor: the 'seq_dim' and 'batch_dim' attributes were read from the node definition but never range-checked, so a negative or otherwise invalid value reached the kernel unchecked. The fix commit adds these validations as OP_REQUIRES(context, ...) calls in that constructor, which pins the vulnerable location. The CWE mappings (CWE-119, CWE-787) and the vulnerability description correspond directly to this lack of bounds checking on dimension arguments. Because the attributes are part of the graph definition, a crafted graph or model file is enough to trigger the crash, which is consistent with the local, low-privilege, availability-only CVSS vector above.
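To make the missing checks concrete, the block below is a pure-Python model of the argument validation `ReverseSequence` needs, written for this page as an added example; it is not TensorFlow's code, does not import TensorFlow, and does not reproduce the upstream commit line for line. It implements a reference reverse-sequence over nested lists and refuses the argument classes the advisory describes: negative or out-of-range `seq_dim`/`batch_dim`, equal dims, and `seq_lengths` inconsistent with the input shape. The function names, error messages, the split between attribute-only checks (what a constructor can verify) and shape-dependent checks (what needs the input), and the sample inputs are all assumptions made for this example.

```python
"""Added example: model of the validation tf.raw_ops.ReverseSequence needs.

Pure Python, no TensorFlow import. Names, messages and sample data are
constructed for this page and are not TensorFlow's own code.
"""
import itertools
from typing import Any, List, Sequence


def _shape(x: Any) -> List[int]:
    """Shape of a non-ragged nested list; a scalar has shape []."""
    shape: List[int] = []
    while isinstance(x, list):
        shape.append(len(x))
        if not x:
            break
        x = x[0]
    return shape


def _flatten(x: Any) -> List[Any]:
    if not isinstance(x, list):
        return [x]
    return [v for sub in x for v in _flatten(sub)]


def _unflatten(flat: List[Any], shape: Sequence[int]) -> Any:
    if len(shape) == 1:
        return list(flat)
    if shape[0] == 0:
        return []
    step = len(flat) // shape[0]
    return [_unflatten(flat[i * step:(i + 1) * step], shape[1:])
            for i in range(shape[0])]


def check_attrs(seq_dim: int, batch_dim: int) -> None:
    """Attribute-only checks: what a constructor can verify before any input
    shape is known. Negative dims are the class the advisory's DoS relies on."""
    if seq_dim < 0:
        raise ValueError(f"Invalid seq_dim {seq_dim}")
    if batch_dim < 0:
        raise ValueError(f"Invalid batch_dim {batch_dim}")


def check_shapes(shape: Sequence[int], seq_lengths: Sequence[int],
                 seq_dim: int, batch_dim: int) -> None:
    """Shape-dependent checks that need the actual input (compute time)."""
    rank = len(shape)
    if seq_dim >= rank:
        raise ValueError(f"seq_dim must be < rank {rank}, got {seq_dim}")
    if batch_dim >= rank:
        raise ValueError(f"batch_dim must be < rank {rank}, got {batch_dim}")
    if seq_dim == batch_dim:
        raise ValueError("batch_dim and seq_dim must differ")
    if len(seq_lengths) != shape[batch_dim]:
        raise ValueError(f"seq_lengths has {len(seq_lengths)} entries, "
                         f"input has {shape[batch_dim]} along batch_dim")
    limit = shape[seq_dim]
    for i, n in enumerate(seq_lengths):
        if n < 0 or n > limit:
            raise ValueError(f"seq_lengths[{i}]={n} outside [0, {limit}]")


def reverse_sequence(inp: Any, seq_lengths: Sequence[int],
                     seq_dim: int, batch_dim: int) -> Any:
    """Reverse the first seq_lengths[b] elements along seq_dim for each
    index b along batch_dim, validating every argument first."""
    check_attrs(seq_dim, batch_dim)
    shape = _shape(inp)
    check_shapes(shape, seq_lengths, seq_dim, batch_dim)
    # Row-major strides so a multi-index maps to a flat offset.
    strides = [1] * len(shape)
    for d in range(len(shape) - 2, -1, -1):
        strides[d] = strides[d + 1] * shape[d + 1]

    def offset(idx: Sequence[int]) -> int:
        return sum(i * s for i, s in zip(idx, strides))

    flat = _flatten(inp)
    out = list(flat)
    for idx in itertools.product(*(range(n) for n in shape)):
        n = seq_lengths[idx[batch_dim]]
        pos = idx[seq_dim]
        if pos < n:  # positions beyond the sequence length are left as-is
            src = list(idx)
            src[seq_dim] = n - 1 - pos
            out[offset(idx)] = flat[offset(src)]
    return _unflatten(out, shape)


def rejects(inp: Any, seq_lengths: Sequence[int],
            seq_dim: int, batch_dim: int) -> bool:
    """True when validation refuses the call; usable as a caller-side
    pre-check before handing untrusted attrs to an unpatched build."""
    try:
        reverse_sequence(inp, seq_lengths, seq_dim, batch_dim)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed input: a batch of 2 sequences, each of length 3.
    x = [[1, 2, 3], [4, 5, 6]]
    print(reverse_sequence(x, [2, 3], seq_dim=1, batch_dim=0))
    # Out-of-range negative dims on a [1, 1, 1] input are refused up front.
    print(rejects([[[0]]], [0], seq_dim=-6, batch_dim=-6))
```

The point of the split is that `check_attrs` needs nothing but the two integers, so it belongs where the attributes are first read; a kernel that defers all validation to compute time still has to get there without indexing with a negative dimension on the way. The `rejects` helper is the shape of the pre-check to put in front of untrusted graph attributes when upgrading to a patched TensorFlow release from the table above is not immediately possible.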


WAF Protection Rules

WAF Rule

### Impact

The implementation of `tf.raw_ops.ReverseSequence` allows for stack overflow and/or `CHECK`-fail based denial of service.

```python
import tensorflow as tf

input = tf.zeros([*, *, *], dtype=tf.int**)
seq_lengths = tf.constant([*], shape=
```
