Denial of Service in Tensorflow
Moderate severity
GitHub Reviewed
Published
Sep 24, 2020
in
tensorflow/tensorflow
•
Updated Oct 28, 2024
Package
Affected versions
< 1.15.4
>= 2.0.0, < 2.0.3
>= 2.1.0, < 2.1.2
= 2.2.0
= 2.3.0
Patched versions
1.15.4
2.0.3
2.1.2
2.2.1
2.3.1
< 1.15.4
>= 2.0.0, < 2.0.3
>= 2.1.0, < 2.1.2
= 2.2.0
= 2.3.0
1.15.4
2.0.3
2.1.2
2.2.1
2.3.1
< 1.15.4
>= 2.0.0, < 2.0.3
>= 2.1.0, < 2.1.2
= 2.2.0
= 2.3.0
1.15.4
2.0.3
2.1.2
2.2.1
2.3.1
Description
Reviewed
Sep 25, 2020
Published to the GitHub Advisory Database
Sep 25, 2020
Published by the National Vulnerability Database
Sep 25, 2020
Last updated
Oct 28, 2024
Impact
The
SparseFillEmptyRowsGrad
implementation has incomplete validation of the shapes of its arguments:https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/core/kernels/sparse_fill_empty_rows_op.cc#L235-L241
Although
reverse_index_map_t
andgrad_values_t
are accessed in a similar pattern, onlyreverse_index_map_t
is validated to be of proper shape. Hence, malicious users can pass a badgrad_values_t
to trigger an assertion failure invec
, causing denial of service in serving installations.Patches
We have patched the issue in 390611e0d45c5793c7066110af37c8514e6a6c54 and will release a patch release for all affected versions.
We recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability is a variant of GHSA-63xm-rx5p-xvqr
References