7.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2021-29614

GHSA ID

GHSA-8pmx-p244-g88h

EPSS Score

0.0254%

CWE

CWE-665

Published

5/21/2021

Updated

11/13/2024

KEV Status

Technology

Python

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2021-29614

CVE-2021-29614: Interpreter crash from `tf.io.decode_raw`

Impact

The implementation of tf.io.decode_raw produces incorrect results and crashes the Python interpreter when combining fixed_length and wider datatypes.

import tensorflow as tf

tf.io.decode_raw(tf.constant(["1","2","3","4"]), tf.uint16, fixed_length=4)

The implementation of the padded version is buggy due to a confusion about pointer arithmetic rules.

First, the code computes the width of each output element by dividing the fixed_length value to the size of the type argument:

int width = fixed_length / sizeof(T);

The fixed_length argument is also used to determine the size needed for the output tensor:

TensorShape out_shape = input.shape();
out_shape.AddDim(width);
Tensor* output_tensor = nullptr;
OP_REQUIRES_OK(context, context->allocate_output("output", out_shape, &output_tensor));

auto out = output_tensor->flat_inner_dims<T>();
T* out_data = out.data();
memset(out_data, 0, fixed_length * flat_in.size());

This is followed by reencoding code:

for (int64 i = 0; i < flat_in.size(); ++i) {
  const T* in_data = reinterpret_cast<const T*>(flat_in(i).data());

  if (flat_in(i).size() > fixed_length) {
    memcpy(out_data, in_data, fixed_length);
  } else {
    memcpy(out_data, in_data, flat_in(i).size());
  }
  out_data += fixed_length;
}

The erroneous code is the last line above: it is moving the out_data pointer by fixed_length * sizeof(T) bytes whereas it only copied at most fixed_length bytes from the input. This results in parts of the input not being decoded into the output.

Furthermore, because the pointer advance is far wider than desired, this quickly leads to writing to outside the bounds of the backing data. This OOB write leads to interpreter crash in the reproducer mentioned here, but more severe attacks can be mounted too, given that this gadget allows writing to periodically placed locations in memory.

Patches

We have patched the issue in GitHub commit 698e01511f62a3c185754db78ebce0eee1f0184d.

The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.

For more information

Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.

(GitHub Advisory)

7.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2021-29614

GHSA ID

GHSA-8pmx-p244-g88h

EPSS Score

0.0254%

CWE

CWE-665

Published

5/21/2021

Updated

11/13/2024

KEV Status

Technology

Python

Technical Details

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
tensorflow	pip	< 2.1.4	2.1.4
tensorflow	pip	>= 2.2.0, < 2.2.3	2.2.3
tensorflow	pip	>= 2.3.0, < 2.3.3	2.3.3
tensorflow	pip	>= 2.4.0, < 2.4.2	2.4.2
tensorflow-cpu	pip	< 2.1.4	2.1.4
tensorflow-cpu	pip	>= 2.2.0, < 2.2.3	2.2.3
tensorflow-cpu	pip	>= 2.3.0, < 2.3.3	2.3.3
tensorflow-cpu	pip	>= 2.4.0, < 2.4.2	2.4.2
tensorflow-gpu	pip	< 2.1.4	2.1.4
tensorflow-gpu	pip	>= 2.2.0, < 2.2.3	2.2.3
tensorflow-gpu	pip	>= 2.3.0, < 2.3.3	2.3.3
tensorflow-gpu	pip	>= 2.4.0, < 2.4.2	2.4.2

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from incorrect pointer arithmetic in the reencoding loop of DecodePaddedRawOp::Compute. The code calculates 'width = fixed_length / sizeof(T)' but then advances the output pointer by 'fixed_length' raw bytes instead of 'width' elements. This mismatch causes the pointer to advance sizeof(T) times further than intended, leading to buffer overflow. The patch explicitly changes 'fixed_length' to 'width' in pointer advancement, confirming this as the root cause. The function's direct manipulation of memory buffers and pointer arithmetic makes it the clear vulnerable component.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Imp**t T** impl*m*nt*tion o* `t*.io.***o**_r*w` pro*u**s in*orr**t r*sults *n* *r*s**s t** Pyt*on int*rpr*t*r w**n *om*inin* `*ix**_l*n*t*` *n* wi**r **t*typ*s. ```pyt*on import t*nsor*low *s t* t*.io.***o**_r*w(t*.*onst*nt(["*","*","*","*"]),

Reasoning

T** vuln*r**ility st*ms *rom in*orr**t point*r *rit*m*ti* in t** r**n*o*in* loop o* ***o**P*****R*wOp::*omput*. T** *o** **l*ul*t*s 'wi*t* = *ix**_l*n*t* / siz*o*(T)' *ut t**n **v*n**s t** output point*r *y '*ix**_l*n*t*' r*w *yt*s inst*** o* 'wi*t*'

7.1

Basic Information

Concerned about an active attack path?

CVE-2021-29614: Interpreter crash from `tf.io.decode_raw`

Impact

Patches

For more information

7.1

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI