Segfault in SparseCountSparseOutput
Description
TensorFlow is an end-to-end open source platform for machine learning. Specifying a negative dense shape in tf.raw_ops.SparseCountSparseOutput results in a segmentation fault being thrown out from the standard library as std::vector invariants are broken. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/8f7b60ee8c0206a2c99802e3a4d1bb55d2bc0624/tensorflow/core/kernels/count_ops.cc#L199-L213) assumes the first element of the dense shape is always positive and uses it to initialize a BatchedMap<T> (i.e., std::vector<absl::flat_hash_map<int64,T>>(https://github.com/tensorflow/tensorflow/blob/8f7b60ee8c0206a2c99802e3a4d1bb55d2bc0624/tensorflow/core/kernels/count_ops.cc#L27)) data structure. If the shape tensor has more than one element, num_batches is the first value in shape. Ensuring that the dense_shape argument is a valid tensor shape (that is, all elements are non-negative) solves this issue. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2 and TensorFlow 2.3.3.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
tensorflowPyPI | >= 2.3.0, < 2.3.3 | 2.3.3 |
tensorflowPyPI | >= 2.4.0, < 2.4.2 | 2.4.2 |
tensorflow-cpuPyPI | >= 2.3.0, < 2.3.3 | 2.3.3 |
tensorflow-cpuPyPI | >= 2.4.0, < 2.4.2 | 2.4.2 |
tensorflow-gpuPyPI | >= 2.3.0, < 2.3.3 | 2.3.3 |
tensorflow-gpuPyPI | >= 2.4.0, < 2.4.2 | 2.4.2 |
Affected products
1- Range: < 2.3.3
Patches
1c57c0b9f3a4fFix the segfault in `tf.raw_ops.SparseCountSparseOutput`.
1 file changed · +9 −1
tensorflow/core/kernels/count_ops.cc+9 −1 modified@@ -197,9 +197,17 @@ class SparseCount : public OpKernel { "The shape argument requires at least one element.")); bool is_1d = shape.NumElements() == 1; - int num_batches = is_1d ? 1 : shape.flat<int64>()(0); + auto shape_vector = shape.flat<int64>(); + int num_batches = is_1d ? 1 : shape_vector(0); int num_values = values.NumElements(); + for (int b = 0; b < shape_vector.size(); b++) { + OP_REQUIRES(context, shape_vector(b) >= 0, + errors::InvalidArgument( + "Elements in dense_shape must be >= 0. Instead got:", + shape.DebugString())); + } + OP_REQUIRES(context, num_values == indices.shape().dim_size(0), errors::InvalidArgument( "Number of values must match first dimension of indices.",
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
7- github.com/advisories/GHSA-hr84-fqvp-48mmghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-29521ghsaADVISORY
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-449.yamlghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-647.yamlghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-158.yamlghsaWEB
- github.com/tensorflow/tensorflow/commit/c57c0b9f3a4f8684f3489dd9a9ec627ad8b599f5ghsax_refsource_MISCWEB
- github.com/tensorflow/tensorflow/security/advisories/GHSA-hr84-fqvp-48mmghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.