CVE-2021-37663
Vulnerability from cvelistv5
Published
2021-08-12 22:45
Modified
2024-08-04 01:23
Severity ?
EPSS score ?
Summary
TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in `tf.raw_ops.QuantizeV2`, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap allocated arrays. The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/quantize_op.cc#L59) has some validation but does not check that `min_range` and `max_range` both have the same non-zero number of elements. If `axis` is provided (i.e., not `-1`), then validation should check that it is a value in range for the rank of `input` tensor and then the lengths of `min_range` and `max_range` inputs match the `axis` dimension of the `input` tensor. We have patched the issue in GitHub commit 6da6620efad397c85493b8f8667b821403516708. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | tensorflow | tensorflow |
Version: >= 2.5.0, < 2.5.1 Version: >= 2.4.0, < 2.4.3 Version: < 2.3.4 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:23:01.403Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g25h-jr74-qp5j" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/tensorflow/tensorflow/commit/6da6620efad397c85493b8f8667b821403516708" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "tensorflow", "vendor": "tensorflow", "versions": [ { "status": "affected", "version": "\u003e= 2.5.0, \u003c 2.5.1" }, { "status": "affected", "version": "\u003e= 2.4.0, \u003c 2.4.3" }, { "status": "affected", "version": "\u003c 2.3.4" } ] } ], "descriptions": [ { "lang": "en", "value": "TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in `tf.raw_ops.QuantizeV2`, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap allocated arrays. The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/quantize_op.cc#L59) has some validation but does not check that `min_range` and `max_range` both have the same non-zero number of elements. If `axis` is provided (i.e., not `-1`), then validation should check that it is a value in range for the rank of `input` tensor and then the lengths of `min_range` and `max_range` inputs match the `axis` dimension of the `input` tensor. We have patched the issue in GitHub commit 6da6620efad397c85493b8f8667b821403516708. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20: Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-08-12T22:45:18", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g25h-jr74-qp5j" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/tensorflow/tensorflow/commit/6da6620efad397c85493b8f8667b821403516708" } ], "source": { "advisory": "GHSA-g25h-jr74-qp5j", "discovery": "UNKNOWN" }, "title": "Incomplete validation in `QuantizeV2` in TensorFlow", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-37663", "STATE": "PUBLIC", "TITLE": "Incomplete validation in `QuantizeV2` in TensorFlow" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "tensorflow", "version": { "version_data": [ { "version_value": "\u003e= 2.5.0, \u003c 2.5.1" }, { "version_value": "\u003e= 2.4.0, \u003c 2.4.3" }, { "version_value": "\u003c 2.3.4" } ] } } ] }, "vendor_name": "tensorflow" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in `tf.raw_ops.QuantizeV2`, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap allocated arrays. The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/quantize_op.cc#L59) has some validation but does not check that `min_range` and `max_range` both have the same non-zero number of elements. If `axis` is provided (i.e., not `-1`), then validation should check that it is a value in range for the rank of `input` tensor and then the lengths of `min_range` and `max_range` inputs match the `axis` dimension of the `input` tensor. We have patched the issue in GitHub commit 6da6620efad397c85493b8f8667b821403516708. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-20: Improper Input Validation" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g25h-jr74-qp5j", "refsource": "CONFIRM", "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g25h-jr74-qp5j" }, { "name": "https://github.com/tensorflow/tensorflow/commit/6da6620efad397c85493b8f8667b821403516708", "refsource": "MISC", "url": "https://github.com/tensorflow/tensorflow/commit/6da6620efad397c85493b8f8667b821403516708" } ] }, "source": { "advisory": "GHSA-g25h-jr74-qp5j", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-37663", "datePublished": "2021-08-12T22:45:18", "dateReserved": "2021-07-29T00:00:00", "dateUpdated": "2024-08-04T01:23:01.403Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2021-37663\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2021-08-12T23:15:07.233\",\"lastModified\":\"2024-11-21T06:15:38.697\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in `tf.raw_ops.QuantizeV2`, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap allocated arrays. The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/quantize_op.cc#L59) has some validation but does not check that `min_range` and `max_range` both have the same non-zero number of elements. If `axis` is provided (i.e., not `-1`), then validation should check that it is a value in range for the rank of `input` tensor and then the lengths of `min_range` and `max_range` inputs match the `axis` dimension of the `input` tensor. We have patched the issue in GitHub commit 6da6620efad397c85493b8f8667b821403516708. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.\"},{\"lang\":\"es\",\"value\":\"TensorFlow es una plataforma de c\u00f3digo abierto de extremo a extremo para el aprendizaje autom\u00e1tico.\u0026#xa0;En las versiones afectadas debido a una comprobaci\u00f3n incompleta en \\\"tf.raw_ops.QuantizeV2\\\", un atacante puede desencadenar un comportamiento indefinido vinculando una referencia a un puntero null o puede acceder a datos fuera de l\u00edmites de las matrices asignadas a la pila.\u0026#xa0;La [implementaci\u00f3n] (https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/quantize_op.cc#L59) presenta alguna comprobaci\u00f3n, pero no comprueba que \\\"min_range\\\" y\\\" max_range\\\" tengan el mismo n\u00famero de elementos distinto de cero.\u0026#xa0;Si se proporciona \\\"axis\\\" (es decir, no\\\" -1\\\"), entonces la comprobaci\u00f3n debe verificar que sea un valor en el rango para el rango del tensor de \\\"input\\\" y luego las longitudes de las entradas de\\\" min_range\\\" y \\\"max_range\\\" coincidan con las Dimensi\u00f3n \\\"axis\\\" del tensor\\\" input\\\".\u0026#xa0;Hemos solucionado el problema en GitHub commit 6da6620efad397c85493b8f8667b821403516708.\u0026#xa0;La correcci\u00f3n ser\u00e1 incluida en TensorFlow versi\u00f3n 2.6.0.\u0026#xa0;Tambi\u00e9n seleccionaremos este commit en TensorFlow versi\u00f3n 2.5.1, TensorFlow versi\u00f3n 2.4.3 y TensorFlow versi\u00f3n 2.3.4, ya que estos tambi\u00e9n est\u00e1n afectados y a\u00fan se encuentran en el rango admitido.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":4.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.3.0\",\"versionEndExcluding\":\"2.3.4\",\"matchCriteriaId\":\"0F83C081-51CC-415F-A8C0-0A44C75E2CD6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.4.0\",\"versionEndExcluding\":\"2.4.3\",\"matchCriteriaId\":\"BD3F2BF8-EBA9-42BF-8F9B-D918B880B15A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:tensorflow:2.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D03E99A7-4E3D-427D-A156-C0713E9FB02A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:tensorflow:2.6.0:rc0:*:*:*:*:*:*\",\"matchCriteriaId\":\"70FA6E48-6C57-40CA-809F-4E3D07CBF348\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:tensorflow:2.6.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"42187561-E491-434D-828C-F36701446634\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:tensorflow:2.6.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"C66B61C8-450A-4C5E-9174-F970D6DEE778\"}]}]}],\"references\":[{\"url\":\"https://github.com/tensorflow/tensorflow/commit/6da6620efad397c85493b8f8667b821403516708\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g25h-jr74-qp5j\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/tensorflow/tensorflow/commit/6da6620efad397c85493b8f8667b821403516708\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g25h-jr74-qp5j\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.