CVE-2021-29560: 
Python vulnerability analysis and mitigation

TensorFlow, an end-to-end open source platform for machine learning, was found to contain a heap buffer overflow vulnerability (CVE-2021-29560) in the tf.raw_ops.RaggedTensorToTensor operation. The vulnerability was discovered by Ying Wang and Yakun Zhang of Baidu X-Team and affects TensorFlow versions prior to 2.5.0. The issue was patched in versions 2.1.4, 2.2.3, 2.3.3, and 2.4.2 (GitHub Advisory).

The vulnerability occurs because the implementation uses the same index to access two arrays in parallel. The issue is located in the code where a loop iterates through row splits: for (INDEX_TYPE i = 0; i < row_split_size - 1; ++i). Since the user controls the shape of the input arguments, an attacker could trigger a heap out-of-bounds access when parent_output_index is shorter than row_split. The vulnerability has been assigned a CVSS v3.1 base score of 7.1 (HIGH) by NVD and 2.5 (LOW) by GitHub (NVD).

The vulnerability allows an attacker to cause a heap buffer overflow, which could potentially lead to memory corruption and unauthorized access to heap-allocated data. This could result in system crashes or potential arbitrary code execution (GitHub Advisory).

The vulnerability has been patched in GitHub commit a84358aa12f0b1518e606095ab9cfddbf597c121. Users are advised to upgrade to TensorFlow version 2.5.0 or apply the following patched versions: TensorFlow 2.4.2, 2.3.3, 2.2.3, or 2.1.4. The fix implements additional validation to check if the row partition size is greater than the output size (GitHub Commit).