
CVE-2021-37655: Heap OOB in `ResourceScatterUpdate`

CVSS Score (v3.1): 7.3

Basic Information

EPSS Score: 0.00961%
Published: 8/25/2021
Updated: 11/13/2024
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| tensorflow | pip | < 2.3.4 | 2.3.4 |
| tensorflow | pip | >= 2.4.0, < 2.4.3 | 2.4.3 |
| tensorflow | pip | = 2.5.0 | 2.5.1 |
| tensorflow-cpu | pip | < 2.3.4 | 2.3.4 |
| tensorflow-cpu | pip | >= 2.4.0, < 2.4.3 | 2.4.3 |
| tensorflow-cpu | pip | = 2.5.0 | 2.5.1 |
| tensorflow-gpu | pip | < 2.3.4 | 2.3.4 |
| tensorflow-gpu | pip | >= 2.4.0, < 2.4.3 | 2.4.3 |
| tensorflow-gpu | pip | = 2.5.0 | 2.5.1 |

Vulnerability Intelligence

Root Cause Analysis

The vulnerability stems from the validation logic in the `ResourceScatterUpdateOp::Compute` method. The commit diff shows the vulnerable check `num_updates % N == 0` being replaced with a proper `TensorShapeUtils::StartsWith` validation. The original element-count divisibility check (lines 958-962 in the pre-patch version) failed to enforce the required shape relationship, so this function's validation logic is the root cause. The advisory explicitly references this implementation location, and the patched validation logic confirms the vulnerable code path.
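To make the difference between the two checks concrete, the following is an added example (not TensorFlow's code and not part of the Miggo analysis) that models the pre-patch divisibility test and the patched prefix test as plain Python functions over shape tuples, then lists the constructed shape pairs that only the old check lets through. It assumes `TensorShapeUtils::StartsWith` means "the first dimensions of `updates` equal the dimensions of `indices`, in order", and it models only non-scalar `updates`.

```python
from math import prod

# Constructed (indices shape, updates shape) pairs used as input.
# Illustrative values only, not taken from the advisory.
CASES = [
    ((2,), (2, 3)),   # well-formed: one 3-element row per index
    ((2,), (3, 2)),   # 6 elements, divisible by 2, but not prefixed by (2,)
    ((2,), (6,)),     # same element count, rank mismatch
    ((2,), (4, 3)),   # 12 % 2 == 0, yet the leading dim is 4, not 2
    ((2,), (5,)),     # 5 % 2 != 0: both checks reject
]


def num_elements(shape):
    """Element count of a dense tensor; prod(()) == 1 covers scalars."""
    return prod(shape)


def old_divisibility_check(indices_shape, updates_shape):
    """Pre-patch logic as the page describes it: accept whenever
    num_updates % N == 0, where N is the number of indices (modelled)."""
    n = num_elements(indices_shape)
    if n == 0:
        return True  # modelled: nothing to scatter, nothing to check
    return num_elements(updates_shape) % n == 0


def starts_with(shape, prefix):
    """Assumed Python rendering of TensorShapeUtils::StartsWith: True when
    `shape` begins with every dimension of `prefix`, in order."""
    return len(shape) >= len(prefix) and tuple(shape[: len(prefix)]) == tuple(prefix)


def new_prefix_check(indices_shape, updates_shape):
    """Patched logic: the shape of indices must be a prefix of the shape of updates."""
    return starts_with(updates_shape, indices_shape)


def divergent_cases(cases=CASES):
    """Return the inputs the divisibility check accepts but the prefix check rejects."""
    return [
        (idx, upd)
        for idx, upd in cases
        if old_divisibility_check(idx, upd) and not new_prefix_check(idx, upd)
    ]


if __name__ == "__main__":
    for idx, upd in CASES:
        print(f"indices{idx} updates{upd}: "
              f"old={old_divisibility_check(idx, upd)} new={new_prefix_check(idx, upd)}")
    print("accepted only by the old check:", divergent_cases())
```

Run as a script, it prints the verdict of each check for every case and then the three pairs that pass the divisibility test while violating the prefix relationship; those are exactly the inputs the patch now rejects with an InvalidArgument error instead of letting the op proceed.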


Impact

An attacker can trigger a read from outside of bounds of heap allocated data by sending invalid arguments to `tf.raw_ops.ResourceScatterUpdate`:

```python
import tensorflow as tf

v = tf.Variable([b'vvv'])
tf.raw_ops.ResourceScatterUpdate  # the call's arguments are cut off in the page source
```
