Miggo Logo

CVE-2021-37671: Reference binding to nullptr in map operations

7.8

CVSS Score
3.1

Basic Information

EPSS Score
0.00931%
Published
8/25/2021
Updated
11/13/2024
KEV Status
No
Technology
TechnologyPython

Technical Details

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
tensorflowpip< 2.3.42.3.4
tensorflowpip>= 2.4.0, < 2.4.32.4.3
tensorflowpip= 2.5.02.5.1
tensorflow-cpupip< 2.3.42.3.4
tensorflow-cpupip>= 2.4.0, < 2.4.32.4.3
tensorflow-cpupip= 2.5.02.5.1
tensorflow-gpupip< 2.3.42.3.4
tensorflow-gpupip>= 2.4.0, < 2.4.32.4.3
tensorflow-gpupip= 2.5.02.5.1

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from the check_index_ordering function in map_stage_op.cc. The original implementation validated that indices were in ascending order but did not check for empty indices. The patch explicitly adds a check for indices.NumElements() == 0 to prevent null pointer dereference. This function is directly referenced in the vulnerability description and commit diff, making it the clear vulnerable entry point.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Imp**t *n *tt**k*r **n **us* un***in** ****vior vi* *in*in* * r***r*n** to null point*r in `t*.r*w_ops.M*p*` *n* `t*.r*w_ops.Or**r**M*p*` op*r*tions: ```pyt*on import t*nsor*low *s t* t*.r*w_ops.M*pP**k( k*y=t*.*onst*nt([*],*typ*=t*.int**),

Reasoning

T** vuln*r**ility st*ms *rom t** ****k_in**x_or**rin* *un*tion in m*p_st***_op.**. T** ori*in*l impl*m*nt*tion v*li**t** t**t in*i**s w*r* in *s**n*in* or**r *ut *i* not ****k *or *mpty in*i**s. T** p*t** *xpli*itly ***s * ****k *or in*i**s.Num*l*m*n