Low severityNVD Advisory· Published May 14, 2021· Updated Aug 3, 2024

Incomplete validation in `SparseReshape`

CVE-2021-29611

Description

TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in SparseReshape results in a denial of service based on a CHECK-failure. The implementation(https://github.com/tensorflow/tensorflow/blob/e87b51ce05c3eb172065a6ea5f48415854223285/tensorflow/core/kernels/sparse_reshape_op.cc#L40) has no validation that the input arguments specify a valid sparse tensor. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2 and TensorFlow 2.3.3, as these are the only affected versions.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
tensorflowPyPI	>= 2.3.0, < 2.3.3	2.3.3
tensorflowPyPI	>= 2.4.0, < 2.4.2	2.4.2
tensorflow-cpuPyPI	>= 2.3.0, < 2.3.3	2.3.3
tensorflow-cpuPyPI	>= 2.4.0, < 2.4.2	2.4.2
tensorflow-gpuPyPI	>= 2.3.0, < 2.3.3	2.3.3
tensorflow-gpuPyPI	>= 2.4.0, < 2.4.2	2.4.2

Affected products

Tensorflow/Tensorflowv5
Range: < 2.3.3

Patches

1d04d7d93f4e

Fix heap-buffer-overflow issue with `tf.raw_ops.SparseReshape`.

https://github.com/tensorflow/tensorflowAmit PatankarApr 29, 2021via ghsa

commit

1 file changed · +12 −0

tensorflow/core/kernels/sparse_reshape_op.cc+12 −0 modified

@@ -26,6 +26,7 @@ limitations under the License.
 #include "tensorflow/core/framework/types.h"
 #include "tensorflow/core/kernels/reshape_util.h"
 #include "tensorflow/core/lib/gtl/inlined_vector.h"
+#include "tensorflow/core/platform/errors.h"
 
 namespace tensorflow {
 
@@ -38,6 +39,17 @@ class SparseReshapeOp : public OpKernel {
   explicit SparseReshapeOp(OpKernelConstruction* context) : OpKernel(context) {}
 
   void Compute(OpKernelContext* context) override {
+    const Tensor& input_indices_in = context->input(0);
+    const Tensor& input_shape_in = context->input(1);
+
+    OP_REQUIRES(context, TensorShapeUtils::IsMatrix(input_indices_in.shape()),
+                errors::InvalidArgument("Input must be a matrix."));
+    OP_REQUIRES(context, TensorShapeUtils::IsVector(input_shape_in.shape()),
+                errors::InvalidArgument("Input shape must be a vector."));
+    OP_REQUIRES(context,
+                input_indices_in.dim_size(1) == input_shape_in.dim_size(0),
+                errors::InvalidArgument(
+                    "Input tensor rank must match input shape length."));
     ReshapeSparseTensor<Device>(context, context->input(0), context->input(1),
                                 context->input(2), 0 /* output indices index */,
                                 1 /* output shape index */);

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/advisories/GHSA-9rpc-5v9q-5r7fghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2021-29611ghsaADVISORY
github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-539.yamlghsaWEB
github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-737.yamlghsaWEB
github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-248.yamlghsaWEB
github.com/tensorflow/tensorflow/commit/1d04d7d93f4ed3854abf75d6b712d72c3f70d6b6ghsax_refsource_MISCWEB
github.com/tensorflow/tensorflow/security/advisories/GHSA-9rpc-5v9q-5r7fghsax_refsource_CONFIRMWEB

News mentions

No linked articles in our index yet.

cvss	0.065
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000