CVE-2021-41216 - OpenCVE

TensorFlow is an open source platform for machine learning. In affected versions the shape inference function for `Transpose` is vulnerable to a heap buffer overflow. This occurs whenever `perm` contains negative elements. The shape inference function does not validate that the indices in `perm` are all valid. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Google	Tensorflow

Configuration 1 [-]

OR	cpe:2.3:a:google:tensorflow::::::::
	cpe:2.3:a:google:tensorflow::::::::
	cpe:2.3:a:google:tensorflow::::::::
	cpe:2.3:a:google:tensorflow:2.7.0:rc0::::::
	cpe:2.3:a:google:tensorflow:2.7.0:rc1::::::

No data.

References

Link	Providers
https://github.com/tensorflow/tensorflow/commit/c79ba87153ee343401dbe9d1954d7f79e521eb14
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-3ff2-r28g-w7h9

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2021-11-05T22:10:17

Updated: 2024-08-04T03:08:31.489Z

Reserved: 2021-09-15T00:00:00

Link: CVE-2021-41216

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-11-05T23:15:08.287

Modified: 2021-11-09T15:53:34.477

Link: CVE-2021-41216

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "tensorflow", "vendor": "tensorflow", "versions": [{"status": "affected", "version": ">= 2.6.0, < 2.6.1"}, {"status": "affected", "version": ">= 2.5.0, < 2.5.2"}, {"status": "affected", "version": "< 2.4.4"}]}], "descriptions": [{"lang": "en", "value": "TensorFlow is an open source platform for machine learning. In affected versions the shape inference function for `Transpose` is vulnerable to a heap buffer overflow. This occurs whenever `perm` contains negative elements. The shape inference function does not validate that the indices in `perm` are all valid. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-120", "description": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-11-05T22:10:16", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-3ff2-r28g-w7h9"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/tensorflow/tensorflow/commit/c79ba87153ee343401dbe9d1954d7f79e521eb14"}], "source": {"advisory": "GHSA-3ff2-r28g-w7h9", "discovery": "UNKNOWN"}, "title": "Heap buffer overflow in `Transpose`", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-41216", "STATE": "PUBLIC", "TITLE": "Heap buffer overflow in `Transpose`"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "tensorflow", "version": {"version_data": [{"version_value": ">= 2.6.0, < 2.6.1"}, {"version_value": ">= 2.5.0, < 2.5.2"}, {"version_value": "< 2.4.4"}]}}]}, "vendor_name": "tensorflow"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "TensorFlow is an open source platform for machine learning. In affected versions the shape inference function for `Transpose` is vulnerable to a heap buffer overflow. This occurs whenever `perm` contains negative elements. The shape inference function does not validate that the indices in `perm` are all valid. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}]}, "references": {"reference_data": [{"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-3ff2-r28g-w7h9", "refsource": "CONFIRM", "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-3ff2-r28g-w7h9"}, {"name": "https://github.com/tensorflow/tensorflow/commit/c79ba87153ee343401dbe9d1954d7f79e521eb14", "refsource": "MISC", "url": "https://github.com/tensorflow/tensorflow/commit/c79ba87153ee343401dbe9d1954d7f79e521eb14"}]}, "source": {"advisory": "GHSA-3ff2-r28g-w7h9", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T03:08:31.489Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-3ff2-r28g-w7h9"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/tensorflow/tensorflow/commit/c79ba87153ee343401dbe9d1954d7f79e521eb14"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-41216", "datePublished": "2021-11-05T22:10:17", "dateReserved": "2021-09-15T00:00:00", "dateUpdated": "2024-08-04T03:08:31.489Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*", "matchCriteriaId": "0E596567-6F67-4880-8EC4-CB262BF02E0D", "versionEndExcluding": "2.4.4", "versionStartIncluding": "2.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*", "matchCriteriaId": "035CDF63-1548-4FB4-B8A9-B8D328FAF910", "versionEndExcluding": "2.5.2", "versionStartIncluding": "2.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D68D8D1-DB27-4395-9D3D-2BED901B852C", "versionEndExcluding": "2.6.1", "versionStartIncluding": "2.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:tensorflow:2.7.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "A58EDA5C-66D6-46F1-962E-60AFB7C784A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:tensorflow:2.7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "89522760-C2DF-400D-9624-626D8F160CBA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "TensorFlow is an open source platform for machine learning. In affected versions the shape inference function for `Transpose` is vulnerable to a heap buffer overflow. This occurs whenever `perm` contains negative elements. The shape inference function does not validate that the indices in `perm` are all valid. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range."}, {"lang": "es", "value": "TensorFlow es una plataforma de c\u00f3digo abierto para el aprendizaje autom\u00e1tico. En las versiones afectadas, la funci\u00f3n de inferencia de formas para \"Transpose\" es vulnerable a un desbordamiento del b\u00fafer de la pila. Esto ocurre cuando \"perm\" contiene elementos negativos. La funci\u00f3n de inferencia de formas no comprueba que los \u00edndices de \"perm\" sean todos v\u00e1lidos. La correcci\u00f3n ser\u00e1 incluida en TensorFlow versi\u00f3n 2.7.0. Tambi\u00e9n ser\u00e1 incluida este commit en TensorFlow versi\u00f3n 2.6.1, TensorFlow versi\u00f3n 2.5.2, y TensorFlow versi\u00f3n 2.4.4, ya que estos tambi\u00e9n est\u00e1n afectados y todav\u00eda est\u00e1n en el rango admitido"}], "id": "CVE-2021-41216", "lastModified": "2021-11-09T15:53:34.477", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2021-11-05T23:15:08.287", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/tensorflow/tensorflow/commit/c79ba87153ee343401dbe9d1954d7f79e521eb14"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-3ff2-r28g-w7h9"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-120"}], "source": "security-advisories@github.com", "type": "Secondary"}]}