Miggo Logo

CVE-2021-37641: Heap OOB in `RaggedGather`

7.1

CVSS Score
3.1

Basic Information

EPSS Score
0.00931%
Published
8/25/2021
Updated
11/13/2024
KEV Status
No
Technology
TechnologyPython

Technical Details

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
tensorflowpip< 2.3.42.3.4
tensorflowpip>= 2.4.0, < 2.4.32.4.3
tensorflowpip= 2.5.02.5.1
tensorflow-cpupip< 2.3.42.3.4
tensorflow-cpupip>= 2.4.0, < 2.4.32.4.3
tensorflow-cpupip= 2.5.02.5.1
tensorflow-gpupip< 2.3.42.3.4
tensorflow-gpupip>= 2.4.0, < 2.4.32.4.3
tensorflow-gpupip= 2.5.02.5.1

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from two missing validation checks in the Compute function: 1) No check for empty params_nested_splits list (OP_REQUIRES added in patch), and 2) Premature access of split tensor dimensions before verifying rank >=1 (DCHECK_GT was insufficient as it's debug-only). The function's direct access to dim_size(0) without proper validation of tensor rank and split list contents made it vulnerable to heap OOB reads.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Imp**t I* t** *r*um*nts to `t*.r*w_ops.R*******t**r` *on't **t*rmin* * v*li* r***** t*nsor *o** **n tri***r * r*** *rom outsi** o* *oun*s o* ***p *llo**t** *u***rs.

Reasoning

T** vuln*r**ility st*ms *rom two missin* v*li**tion ****ks in t** *omput* *un*tion: *) No ****k *or *mpty p*r*ms_n*st**_splits list (OP_R*QUIR*S ***** in p*t**), *n* *) Pr*m*tur* ****ss o* split t*nsor *im*nsions ***or* v*ri*yin* r*nk >=* (*****K_*T