CVE-2021-29562: 
Python vulnerability analysis and mitigation

TensorFlow, an open-source platform for machine learning, was found to contain a vulnerability (CVE-2021-29562) that allows attackers to cause a denial of service through a CHECK-failure in the implementation of tf.raw_ops.IRFFT. The vulnerability affects multiple versions of TensorFlow prior to version 2.5.0, including versions 2.1.x, 2.2.x, 2.3.x, and 2.4.x (GitHub Advisory).

The vulnerability stems from a condition where Eigen code operates on an empty matrix during the execution of tf.raw_ops.IRFFT. When specific input values are provided, it triggers an assertion failure that results in program termination. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (MEDIUM) with vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

When successfully exploited, this vulnerability leads to a denial of service condition through program termination. The impact is limited to availability, with no direct effect on confidentiality or integrity of the system (GitHub Advisory).

The vulnerability has been patched in TensorFlow 2.5.0. Additionally, the fix has been backported to TensorFlow versions 2.4.2, 2.3.3, 2.2.3, and 2.1.4. Users are advised to upgrade to these patched versions. The fix implements additional validation checks for FFT shape elements (GitHub Advisory, TensorFlow Commit).