CVE-2021-37677: Missing validation in shape inference for `Dequantize` in TensorFlow
First published: Thu Aug 12 2021(Updated: )
### Impact The shape inference code for `tf.raw_ops.Dequantize` has a vulnerability that could trigger a denial of service via a segfault if an attacker provides invalid arguments: ```python import tensorflow as tf tf.compat.v1.disable_v2_behavior() tf.raw_ops.Dequantize( input_tensor = tf.constant(-10.0, dtype=tf.float32), input_tensor = tf.cast(input_tensor, dtype=tf.quint8), min_range = tf.constant([], shape=[0], dtype=tf.float32), max_range = tf.constant([], shape=[0], dtype=tf.float32), mode = 'MIN_COMBINED', narrow_range=False, axis=-10, dtype=tf.dtypes.float32) ``` The shape inference [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/ops/array_ops.cc#L2999-L3014) uses `axis` to select between two different values for `minmax_rank` which is then used to retrieve tensor dimensions. However, code assumes that `axis` can be either `-1` or a value greater than `-1`, with no validation for the other values. ### Patches We have patched the issue in GitHub commit [da857cfa0fde8f79ad0afdbc94e88b5d4bbec764](https://github.com/tensorflow/tensorflow/commit/da857cfa0fde8f79ad0afdbc94e88b5d4bbec764). The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. ### For more information Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions. ### Attribution This vulnerability has been reported by Yakun Zhang of Baidu Security.
Credit: security-advisories@github.com security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google TensorFlow | >=2.3.0<2.3.4 | |
| Google TensorFlow | >=2.4.0<2.4.3 | |
| Google TensorFlow | =2.5.0 | |
| Google TensorFlow | =2.6.0-rc0 | |
| Google TensorFlow | =2.6.0-rc1 | |
| Google TensorFlow | =2.6.0-rc2 | |
| pip/tensorflow-gpu | =2.5.0 | 2.5.1 |
| pip/tensorflow-gpu | >=2.4.0<2.4.3 | 2.4.3 |
| pip/tensorflow-gpu | <2.3.4 | 2.3.4 |
| pip/tensorflow-cpu | =2.5.0 | 2.5.1 |
| pip/tensorflow-cpu | >=2.4.0<2.4.3 | 2.4.3 |
| pip/tensorflow-cpu | <2.3.4 | 2.3.4 |
| pip/tensorflow | =2.5.0 | 2.5.1 |
| pip/tensorflow | >=2.4.0<2.4.3 | 2.4.3 |
| pip/tensorflow | <2.3.4 | 2.3.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/tensorflow/tensorflow/commit/da857cfa0fde8f79ad0afdbc94e88b5d4bbec764
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qfpc-5pjr-mh26
- https://nvd.nist.gov/vuln/detail/CVE-2021-37677
- https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-590.yaml
- https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-788.yaml
- https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-299.yaml
- https://github.com/advisories/GHSA-qfpc-5pjr-mh26 (Advisory)
Frequently Asked Questions
What is the severity of CVE-2021-37677?
CVE-2021-37677 has a high severity rating due to its potential to cause denial of service via a segmentation fault.
How do I fix CVE-2021-37677?
To mitigate CVE-2021-37677, upgrade TensorFlow to version 2.5.1 or later.
Which versions of TensorFlow are affected by CVE-2021-37677?
CVE-2021-37677 affects TensorFlow versions from 2.3.0 up to but not including 2.3.4, 2.4.0 up to but not including 2.4.3, and specifically includes 2.5.0 and certain release candidates of 2.6.0.
Is CVE-2021-37677 a remote attack vulnerability?
CVE-2021-37677 can be exploited by an attacker who can send crafted inputs to the vulnerable TensorFlow operations.
What are the implications of CVE-2021-37677?
CVE-2021-37677 can lead to application crashes, resulting in interrupted service and potential downtime.
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/remedy
- agent/title
- agent/first-publish-date
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-qfpc-5pjr-mh26
- alias/CVE-2021-37677
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/references
- agent/softwarecombine
- agent/description
- agent/event
- collector/nvd-cve
- source/NVD
- agent/author
- agent/trending
- agent/tags
- agent/source
- vendor/google
- canonical/google tensorflow
- version/google tensorflow/2.3.0
- version/google tensorflow/2.4.0
- version/google tensorflow/2.5.0
- version/google tensorflow/2.6.0-rc0
- version/google tensorflow/2.6.0-rc1
- version/google tensorflow/2.6.0-rc2
- package-manager/pip