Miggo Logo

CVE-2021-29579: Heap buffer overflow in `MaxPoolGrad`

2.5

CVSS Score
3.1

Basic Information

EPSS Score
0.02871%
Published
5/21/2021
Updated
11/1/2024
KEV Status
No
Technology
TechnologyPython

Technical Details

CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
Package NameEcosystemVulnerable VersionsFirst Patched Version
tensorflowpip< 2.1.42.1.4
tensorflowpip>= 2.2.0, < 2.2.32.2.3
tensorflowpip>= 2.3.0, < 2.3.32.3.3
tensorflowpip>= 2.4.0, < 2.4.22.4.2
tensorflow-cpupip< 2.1.42.1.4
tensorflow-cpupip>= 2.2.0, < 2.2.32.2.3
tensorflow-cpupip>= 2.3.0, < 2.3.32.3.3
tensorflow-cpupip>= 2.4.0, < 2.4.22.4.2
tensorflow-gpupip< 2.1.42.1.4
tensorflow-gpupip>= 2.2.0, < 2.2.32.2.3
tensorflow-gpupip>= 2.3.0, < 2.3.32.3.3
tensorflow-gpupip>= 2.4.0, < 2.4.22.4.2

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from the loop in SpatialMaxPoolWithArgMaxHelper where out_backprop_flat(index) is accessed without validating the index against out_backprop.NumElements(). The patch adds an explicit check (index < out_backprop.NumElements()), confirming this was the missing validation. The function's location in maxpooling_op.cc and its direct involvement in gradient computation for MaxPool operations align with the vulnerability description and patch details.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Imp**t T** impl*m*nt*tion o* `t*.r*w_ops.M*xPool*r**` is vuln*r**l* to * ***p *u***r ov*r*low: ```pyt*on import t*nsor*low *s t* ori*_input = t*.*onst*nt([*.*], s**p*=[*, *, *, *], *typ*=t*.*lo*t**) ori*_output = t*.*onst*nt([*.*], s**p*=[*,

Reasoning

T** vuln*r**ility st*ms *rom t** loop in Sp*ti*lM*xPoolWit**r*M*x**lp*r w**r* out_***kprop_*l*t(in**x) is ****ss** wit*out v*li**tin* t** in**x ***inst out_***kprop.Num*l*m*nts(). T** p*t** ***s *n *xpli*it ****k (in**x < out_***kprop.Num*l*m*nts()),