CVE-2021-37666: Reference binding to nullptr in `RaggedTensorToVariant`
7.8
CVSS Score
3.1
Basic Information
CVE ID
GHSA ID
EPSS Score
0.00931%
CWE
Published
8/25/2021
Updated
11/13/2024
KEV Status
No
Technology
Python
Technical Details
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
tensorflow | pip | < 2.3.4 | 2.3.4 |
tensorflow | pip | >= 2.4.0, < 2.4.3 | 2.4.3 |
tensorflow | pip | = 2.5.0 | 2.5.1 |
tensorflow-cpu | pip | < 2.3.4 | 2.3.4 |
tensorflow-cpu | pip | >= 2.4.0, < 2.4.3 | 2.4.3 |
tensorflow-cpu | pip | = 2.5.0 | 2.5.1 |
tensorflow-gpu | pip | < 2.3.4 | 2.3.4 |
tensorflow-gpu | pip | >= 2.4.0, < 2.4.3 | 2.4.3 |
tensorflow-gpu | pip | = 2.5.0 | 2.5.1 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from the Compute method of RaggedTensorToVariantOp where validation of rt_nested_splits was incomplete. The commit diff shows the addition of a critical check (OP_REQUIRES) for non-empty splits in this function. Prior to the patch, the absence of this check allowed empty input to pass through, leading to undefined behavior when accessing potentially invalid splits data structures. The direct correlation between the vulnerability description, CWE-824 (uninitialized pointer access), and the patched code location confirms this function as the vulnerable component.