Miggo Logo

CVE-2021-29612: Heap buffer overflow in `BandedTriangularSolve`

3.6

CVSS Score
3.1

Basic Information

EPSS Score
0.32787%
Published
5/21/2021
Updated
11/13/2024
KEV Status
No
Technology
TechnologyPython

Technical Details

CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L
Package NameEcosystemVulnerable VersionsFirst Patched Version
tensorflowpip< 2.1.42.1.4
tensorflowpip>= 2.2.0, < 2.2.32.2.3
tensorflowpip>= 2.3.0, < 2.3.32.3.3
tensorflowpip>= 2.4.0, < 2.4.22.4.2
tensorflow-cpupip< 2.1.42.1.4
tensorflow-cpupip>= 2.2.0, < 2.2.32.2.3
tensorflow-cpupip>= 2.3.0, < 2.3.32.3.3
tensorflow-cpupip>= 2.4.0, < 2.4.22.4.2
tensorflow-gpupip< 2.1.42.1.4
tensorflow-gpupip>= 2.2.0, < 2.2.32.2.3
tensorflow-gpupip>= 2.3.0, < 2.3.32.3.3
tensorflow-gpupip>= 2.4.0, < 2.4.22.4.2

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability arises from two key issues. First, ValidateInputTensors does not check for non-empty tensors, allowing invalid inputs. Second, BandedTriangularSolveOpCpu::Compute does not check the context status after calling ValidateInputTensors, bypassing TensorFlow's error-handling mechanism (OP_REQUIRES). Together, these allow empty tensors to trigger a heap buffer overflow. The patches address both issues by adding non-empty checks and explicit status validation.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Imp**t *n *tt**k*r **n tri***r * ***p *u***r ov*r*low in *i**n impl*m*nt*tion o* `t*.r*w_ops.**n***Tri*n*ul*rSolv*`: ```pyt*on import t*nsor*low *s t* import numpy *s np m*trix_*rr*y = np.*rr*y([]) m*trix_t*nsor = t*.*onv*rt_to_t*nsor(np.r*s*

Reasoning

T** vuln*r**ility *ris*s *rom two k*y issu*s. *irst, `V*li**t*InputT*nsors` *o*s not ****k *or non-*mpty t*nsors, *llowin* inv*li* inputs. S**on*, `**n***Tri*n*ul*rSolv*Op*pu::*omput*` *o*s not ****k t** *ont*xt st*tus **t*r **llin* `V*li**t*InputT*n