Use After Free Affecting tensorflow-cpu package, versions [2.5.0,2.5.1)[2.4.0,2.4.3)[,2.3.4)


Severity

Recommended
0.0
high
0
10

CVSS assessment by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
0.17% (8th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-PYTHON-TENSORFLOWCPU-1540786
  • published13 Aug 2021
  • disclosed13 Aug 2021
  • creditUnknown

Introduced: 13 Aug 2021

CVE-2021-37652  (opens in a new tab)
CWE-416  (opens in a new tab)

How to fix?

Upgrade tensorflow-cpu to version 2.5.1, 2.4.3, 2.3.4 or higher.

Overview

tensorflow-cpu is a machine learning framework.

Affected versions of this package are vulnerable to Use After Free. The implementation for tf.raw_ops.BoostedTreesCreateEnsemble can result in a use after free error if an attacker supplies specially crafted arguments. The implementation uses a reference counted resource and decrements the refcount if the initialization fails, as it should. However, when the code was written, the resource was represented as a naked pointer but later refactoring has changed it to be a smart pointer. Thus, when the pointer leaves the scope, a subsequent free-ing of the resource occurs, but this fails to take into account that the refcount has already reached 0, thus the resource has been already freed. During this double-free process, members of the resource object are accessed for cleanup but they are invalid as the entire resource has been freed.

References

CVSS Base Scores

version 3.1