CVE-2021-29529
Heap buffer overflow caused by roundingTensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a heap buffer overflow in `tf.raw_ops.QuantizedResizeBilinear` by manipulating input values so that float rounding results in off-by-one error in accessing image elements. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/44b7f486c0143f68b56c34e2d01e146ee445134a/tensorflow/core/kernels/quantized_resize_bilinear_op.cc#L62-L66) computes two integers (representing the upper and lower bounds for interpolation) by ceiling and flooring a floating point value. For some values of `in`, `interpolation->upper[i]` might be smaller than `interpolation->lower[i]`. This is an issue if `interpolation->upper[i]` is capped at `in_size-1` as it means that `interpolation->lower[i]` points outside of the image. Then, in the interpolation code(https://github.com/tensorflow/tensorflow/blob/44b7f486c0143f68b56c34e2d01e146ee445134a/tensorflow/core/kernels/quantized_resize_bilinear_op.cc#L245-L264), this would result in heap buffer overflow. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
We have discovered 25 live websites that are affected by CVE-2021-29529.
Affected Software
| Product | |
| Category | JavaScript Libraries |
| Vulnerable Domains | 25 live websites (6.98% of tensorflow install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 4 versions ( 57% of all versions) |
Common Weakness Enumeration
CWE-131 Incorrect Calculation of Buffer SizeDetails
- Published - May 14, 2021
- Updated - Aug 3, 2024
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2021-29529 United States | 17 websites |
 Germany | 2 websites |
 India | 2 websites |
 Brazil | 1 websites |
 Canada | 1 websites |
 Korea, South | 1 websites |
 Netherlands | 1 websites |
Website Distribution by TLD
Number of websites using CVE-2021-29529| .com | 14 websites |
| .net | 2 websites |
| .com.br | 1 websites |
| .org | 1 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2021-29529
Top websites that are affected by CVE-2021-29529. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ************.com | United States | ***,*** | |
| ************.com | United States | ***,*** | |
| ******.me | United States | *,***,*** | |
| ***********.com | United States | *,***,*** | |
| ************.com | United States | *,***,*** | |
| ****.net | United States | *,***,*** | |
| ***********.com | United States | *,***,*** | |
| *******.**.kr | Korea, South | *,***,*** | |
| **********.com | Netherlands | *,***,*** | |
| ********.app | United States | *,***,*** |
FAQ
CVE-2021-29529 is Incorrect Calculation of Buffer Size in tensorflow
A total of 25 websites have been identified as vulnerable to CVE-2021-29529, based on global website indexing conducted by WebTechSurvey.
The tensorflow is affected by the CVE-2021-29529 vulnerability.
tensorflow versions up to 2.4.2 are vulnerable to CVE-2021-29529.
CVE-2021-29529 is resolved in version 2.4.2 of tensorflow.