CVE-2021-37666: Reference binding to nullptr in `RaggedTensorToVariant`

CVSS Score: 7.8 (CVSS version 3.1)

Basic Information

EPSS Score: 0.00931%
Published: 8/25/2021
Updated: 11/13/2024
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| tensorflow | pip | < 2.3.4 | 2.3.4 |
| tensorflow | pip | >= 2.4.0, < 2.4.3 | 2.4.3 |
| tensorflow | pip | = 2.5.0 | 2.5.1 |
| tensorflow-cpu | pip | < 2.3.4 | 2.3.4 |
| tensorflow-cpu | pip | >= 2.4.0, < 2.4.3 | 2.4.3 |
| tensorflow-cpu | pip | = 2.5.0 | 2.5.1 |
| tensorflow-gpu | pip | < 2.3.4 | 2.3.4 |
| tensorflow-gpu | pip | >= 2.4.0, < 2.4.3 | 2.4.3 |
| tensorflow-gpu | pip | = 2.5.0 | 2.5.1 |
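
The affected ranges listed above can be checked against pinned dependencies. The following is an added example, not code from the advisory, Miggo, or TensorFlow; the function names, the constructed sample input, and the choice to compare only the numeric release segment (so rc/dev builds of an affected release are flagged) are assumptions.

```python
import re

PACKAGES = {"tensorflow", "tensorflow-cpu", "tensorflow-gpu"}
# (lowest affected release or None, first patched) per table row; "= 2.5.0" is [2.5.0, 2.5.1).
RANGES = [(None, (2, 3, 4)), ((2, 4, 0), (2, 4, 3)), ((2, 5, 0), (2, 5, 1))]
PIN = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*==\s*(\d[^\s;,]*)")

def normalize(name):
    """PEP 503 name normalization, so TensorFlow_GPU matches tensorflow-gpu."""
    return re.sub(r"[-_.]+", "-", name).lower()

def release(version):
    """Numeric release segment as a 3-tuple; rc/dev/local suffixes are ignored (assumption)."""
    parts = [int(p) for p in re.match(r"\d+(?:\.\d+)*", version).group(0).split(".")]
    return tuple((parts + [0, 0, 0])[:3])

def first_patched(name, version):
    """Return the first patched version if name==version is affected, else None."""
    if normalize(name) not in PACKAGES:
        return None
    rel = release(version)
    for low, fixed in RANGES:
        if (low is None or rel >= low) and rel < fixed:
            return ".".join(map(str, fixed))
    return None

def scan(requirements_text):
    """Check exact pins (name==version) in requirements-style text; other specifiers are skipped."""
    findings = []
    for lineno, line in enumerate(requirements_text.splitlines(), 1):
        m = PIN.match(line.split("#", 1)[0])  # drop trailing comments before matching
        fixed = first_patched(m.group(1), m.group(2)) if m else None
        if fixed:
            findings.append((lineno, normalize(m.group(1)), m.group(2), fixed))
    return findings

# Constructed sample input, not taken from any real project.
SAMPLE = """\
numpy==1.19.5
tensorflow==2.5.0
TensorFlow_GPU==2.4.2  # legacy trainer
tensorflow-cpu==2.4.3
tensorflow==2.3.4
tensorflow-gpu==2.2.0
"""

if __name__ == "__main__":
    for lineno, name, version, fixed in scan(SAMPLE):
        print(f"line {lineno}: {name}=={version} is affected by CVE-2021-37666; first patched: {fixed}")
```
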

Vulnerability Intelligence
Root Cause Analysis

The vulnerability stems from the `Compute` method of `RaggedTensorToVariantOp`, where validation of `rt_nested_splits` was incomplete. The commit diff shows the addition of a critical check (`OP_REQUIRES`) for non-empty splits in this function. Prior to the patch, the absence of this check allowed empty input to pass through, leading to undefined behavior when accessing potentially invalid splits data structures. The direct correlation between the vulnerability description, CWE-824 (uninitialized pointer access), and the patched code location confirms this function as the vulnerable component.
