CVE-2021-29575: 
Python vulnerability analysis and mitigation

TensorFlow, an end-to-end open source platform for machine learning, was found to contain a vulnerability in the implementation of tf.raw_ops.ReverseSequence that could lead to stack overflow and denial of service conditions. The vulnerability, identified as CVE-2021-29575, was discovered by Ying Wang and Yakun Zhang of Baidu X-Team and disclosed on May 14, 2021. The issue affected multiple versions of TensorFlow prior to version 2.5.0 (GitHub Advisory).

The vulnerability stems from the implementation's failure to validate the seq_dim and batch_dim arguments in the ReverseSequence operation. Negative values for seq_dim could trigger stack overflow or CHECK-failure, depending on the version of Eigen code used. Similar issues could occur with invalid values of batch_dim. The vulnerability has been assigned a CVSS v3.1 score of 7.8 (HIGH) (NVD Results).

When exploited, this vulnerability could lead to stack overflow conditions or denial of service through CHECK-failure, potentially causing program termination. The impact varies depending on the specific version of the Eigen code implementation being used (GitHub Advisory).

The vulnerability was patched in GitHub commit ecf768cbe50cedc0a45ce1ee223146a3d3d26d23 and included in TensorFlow 2.5.0. The fix was also backported to versions 2.4.2, 2.3.3, 2.2.3, and 2.1.4. Users are advised to upgrade to these patched versions to mitigate the vulnerability (GitHub Advisory).