CVE-2021-37667

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.UnicodeEncode`. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/unicode_ops.cc#L533-L539) reads the first dimension of the `input_splits` tensor before validating that this tensor is not empty. We have patched the issue in GitHub commit 2e0ee46f1a47675152d3d865797a18358881d7a6. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.

CVSS v3 7.8 HIGH
CVSS v2.0 4.6 MEDIUM

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/tensorflow/tensorflow/commit/2e0ee46f1a47675152d3d865797a18358881d7a6	Patch Third Party Advisory
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-w74j-v8xh-3w5h	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:google:tensorflow::::::::
	cpe:2.3:a:google:tensorflow::::::::
	cpe:2.3:a:google:tensorflow:2.5.0:::::::*
	cpe:2.3:a:google:tensorflow:2.6.0:rc0::::::
	cpe:2.3:a:google:tensorflow:2.6.0:rc1::::::
	cpe:2.3:a:google:tensorflow:2.6.0:rc2::::::

History

No history.

Information

Published : 2021-08-12 22:15

Updated : 2024-02-28 18:28

NVD link : CVE-2021-37667

Mitre link : CVE-2021-37667

CVE.ORG link : CVE-2021-37667

JSON object : View

Products Affected

google

tensorflow

CWE

CWE-824

Access of Uninitialized Pointer

{"id": "CVE-2021-37667", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2021-08-12T22:15:08.340", "references": [{"url": "https://github.com/tensorflow/tensorflow/commit/2e0ee46f1a47675152d3d865797a18358881d7a6", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-w74j-v8xh-3w5h", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-824"}]}], "descriptions": [{"lang": "en", "value": "TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.UnicodeEncode`. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/unicode_ops.cc#L533-L539) reads the first dimension of the `input_splits` tensor before validating that this tensor is not empty. We have patched the issue in GitHub commit 2e0ee46f1a47675152d3d865797a18358881d7a6. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range."}, {"lang": "es", "value": "TensorFlow es una plataforma de c\u00f3digo abierto de extremo a extremo para el aprendizaje autom\u00e1tico. En las versiones afectadas, un atacante puede causar un comportamiento indefinido por medio de la vinculaci\u00f3n de una referencia a un puntero null en \"tf.raw_ops.UnicodeEncode\". La [implementaci\u00f3n](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/unicode_ops.cc#L533-L539) lee la primera dimensi\u00f3n del tensor \"input_splits\" antes de comprender que este tensor no est\u00e1 vac\u00edo. Hemos parcheado el problema en el commit 2e0ee46f1a47675152d3d865797a18358881d7a6 de GitHub. La correcci\u00f3n ser\u00e1 incluida en TensorFlow versi\u00f3n 2.6.0. Tambi\u00e9n seleccionaremos este commit en TensorFlow versi\u00f3n 2.5.1, TensorFlow versi\u00f3n 2.4.3, y TensorFlow versi\u00f3n 2.3.4, ya que estos tambi\u00e9n est\u00e1n afectados y todav\u00eda est\u00e1n en el rango de soporte."}], "lastModified": "2021-08-18T20:49:06.907", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F83C081-51CC-415F-A8C0-0A44C75E2CD6", "versionEndExcluding": "2.3.4", "versionStartIncluding": "2.3.0"}, {"criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD3F2BF8-EBA9-42BF-8F9B-D918B880B15A", "versionEndExcluding": "2.4.3", "versionStartIncluding": "2.4.0"}, {"criteria": "cpe:2.3:a:google:tensorflow:2.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D03E99A7-4E3D-427D-A156-C0713E9FB02A"}, {"criteria": "cpe:2.3:a:google:tensorflow:2.6.0:rc0:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "70FA6E48-6C57-40CA-809F-4E3D07CBF348"}, {"criteria": "cpe:2.3:a:google:tensorflow:2.6.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42187561-E491-434D-828C-F36701446634"}, {"criteria": "cpe:2.3:a:google:tensorflow:2.6.0:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C66B61C8-450A-4C5E-9174-F970D6DEE778"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}