Denial of Service in Tensorflow
Moderate severity
GitHub Reviewed
Published
Sep 24, 2020
in
tensorflow/tensorflow
•
Updated Feb 1, 2023
Package
Affected versions
< 1.15.4
>= 2.0.0, < 2.0.3
>= 2.1.0, < 2.1.2
= 2.2.0
= 2.3.0
Patched versions
1.15.4
2.0.3
2.1.2
2.2.1
2.3.1
< 1.15.4
>= 2.0.0, < 2.0.3
>= 2.1.0, < 2.1.2
= 2.2.0
= 2.3.0
1.15.4
2.0.3
2.1.2
2.2.1
2.3.1
< 1.15.4
>= 2.0.0, < 2.0.3
>= 2.1.0, < 2.1.2
= 2.2.0
= 2.3.0
1.15.4
2.0.3
2.1.2
2.2.1
2.3.1
Description
Reviewed
Sep 25, 2020
Published to the GitHub Advisory Database
Sep 25, 2020
Published by the National Vulnerability Database
Sep 25, 2020
Last updated
Feb 1, 2023
Impact
The
SparseFillEmptyRowsGradimplementation has incomplete validation of the shapes of its arguments:https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/core/kernels/sparse_fill_empty_rows_op.cc#L235-L241
Although
reverse_index_map_tandgrad_values_tare accessed in a similar pattern, onlyreverse_index_map_tis validated to be of proper shape. Hence, malicious users can pass a badgrad_values_tto trigger an assertion failure invec, causing denial of service in serving installations.Patches
We have patched the issue in 390611e0d45c5793c7066110af37c8514e6a6c54 and will release a patch release for all affected versions.
We recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability is a variant of GHSA-63xm-rx5p-xvqr
References