
CVE-2021-37654: Heap OOB and CHECK fail in `ResourceGather`

CVSS Score (v3.1): 7.3

Basic Information

EPSS Score: 0.00961%
Published: 8/25/2021
Updated: 11/13/2024
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H

Package Name     Ecosystem   Vulnerable Versions    First Patched Version
tensorflow       pip         < 2.3.4                2.3.4
tensorflow       pip         >= 2.4.0, < 2.4.3      2.4.3
tensorflow       pip         = 2.5.0                2.5.1
tensorflow-cpu   pip         < 2.3.4                2.3.4
tensorflow-cpu   pip         >= 2.4.0, < 2.4.3      2.4.3
tensorflow-cpu   pip         = 2.5.0                2.5.1
tensorflow-gpu   pip         < 2.3.4                2.3.4
tensorflow-gpu   pip         >= 2.4.0, < 2.4.3      2.4.3
tensorflow-gpu   pip         = 2.5.0                2.5.1

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability stems from the ResourceGatherOp implementation, where multiple loops use batch_dims_ without validating it against the rank of the params tensor. The code shown in the advisory demonstrates three critical loops that iterate based on the batch_dims_ value, which can exceed params.dims(), so the dimension accesses inside those loops run past the tensor's actual rank. The patched commit adds validation that batch_dims_ <= params.dims(), confirming this as the root cause. The Compute function is the entry point for this operation and contains the vulnerable dimension-handling logic.
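To make the missing check concrete, here is an added example (not TensorFlow's own code) that models the three result-shape loops of ResourceGather over a simplified shape type, with the unvalidated form beside a version that validates batch_dims against the rank of params before any loop runs; the Shape alias, DimSize, UncheckedTripsCheck and the error text are assumptions of this example.

```cpp
#include <cstdint>
#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>

// Simplified stand-in for TensorShape: one entry per dimension (assumption).
using Shape = std::vector<int64_t>;

// Models TensorShape::dim_size(i) in a debug build: an index at or past the
// rank trips a CHECK (modelled here as std::out_of_range). In a release build
// the real accessor reads past the end of the dimension array instead, which
// is the heap out-of-bounds read the advisory describes.
static int64_t DimSize(const Shape& s, int i) { return s.at(i); }

// The three result-shape loops keyed on batch_dims, with no validation of
// batch_dims against the rank of params (the pre-patch form).
Shape ResultShapeUnchecked(const Shape& params, const Shape& indices, int batch_dims) {
  Shape result;
  for (int i = 0; i < batch_dims; ++i) result.push_back(DimSize(params, i));
  for (int i = batch_dims; i < (int)indices.size(); ++i) result.push_back(DimSize(indices, i));
  for (int i = batch_dims + 1; i < (int)params.size(); ++i) result.push_back(DimSize(params, i));
  return result;
}

// Hardened form: validate batch_dims <= rank(params) before any loop runs and
// report the failure instead of aborting, in the spirit of OP_REQUIRES.
// Negative batch_dims are rejected here as well (an assumption of this example).
bool ResultShapeChecked(const Shape& params, const Shape& indices, int batch_dims,
                        Shape* result, std::string* err) {
  const int rank = (int)params.size();
  if (batch_dims < 0 || batch_dims > rank) {
    *err = "batch_dims must be in [0, " + std::to_string(rank) + "], got " +
           std::to_string(batch_dims);
    return false;
  }
  *result = ResultShapeUnchecked(params, indices, batch_dims);
  return true;
}

// Detection helper: does the unchecked path hit the debug-build CHECK?
bool UncheckedTripsCheck(const Shape& params, const Shape& indices, int batch_dims) {
  try { ResultShapeUnchecked(params, indices, batch_dims); } catch (const std::out_of_range&) { return true; }
  return false;
}

int main() {
  Shape out; std::string err;  // constructed sample input: params rank 3, indices rank 2
  ResultShapeChecked({2, 3, 4}, {2, 5}, 1, &out, &err);  // accepted: result shape [2, 5, 4]
  std::cout << "batch_dims=10 rejected: " << !ResultShapeChecked({2, 3, 4}, {2, 5}, 10, &out, &err)
            << " (" << err << ")\n";
}
```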


WAF Protection Rules

WAF Rule

Impact: An attacker can trigger a crash via a `CHECK`-fail in debug builds of TensorFlow using `tf.raw_ops.ResourceGather`, or a read from outside the bounds of heap allocated data in the same API in a release build.
