Low severityNVD Advisory· Published May 14, 2021· Updated Aug 3, 2024
Crash in `tf.transpose` with complex inputs
CVE-2021-29618
Description
TensorFlow is an end-to-end open source platform for machine learning. Passing a complex argument to tf.transpose at the same time as passing conjugate=True argument results in a crash. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
tensorflowPyPI | < 2.1.4 | 2.1.4 |
tensorflowPyPI | >= 2.2.0, < 2.2.3 | 2.2.3 |
tensorflowPyPI | >= 2.3.0, < 2.3.3 | 2.3.3 |
tensorflowPyPI | >= 2.4.0, < 2.4.2 | 2.4.2 |
tensorflow-cpuPyPI | < 2.1.4 | 2.1.4 |
tensorflow-cpuPyPI | >= 2.2.0, < 2.2.3 | 2.2.3 |
tensorflow-cpuPyPI | >= 2.3.0, < 2.3.3 | 2.3.3 |
tensorflow-cpuPyPI | >= 2.4.0, < 2.4.2 | 2.4.2 |
tensorflow-gpuPyPI | < 2.1.4 | 2.1.4 |
tensorflow-gpuPyPI | >= 2.2.0, < 2.2.3 | 2.2.3 |
tensorflow-gpuPyPI | >= 2.3.0, < 2.3.3 | 2.3.3 |
tensorflow-gpuPyPI | >= 2.4.0, < 2.4.2 | 2.4.2 |
Affected products
1- Range: < 2.1.4
Patches
11dc6a7ce6e0bMerge pull request #46973 from yongtang:46891-tf.transpose-conjugate
2 files changed · +5 −2
tensorflow/core/kernels/transpose_functor.h+1 −2 modified@@ -19,6 +19,7 @@ limitations under the License. #include <numeric> #include <string> #include <vector> + #include "tensorflow/core/framework/tensor.h" #include "tensorflow/core/framework/tensor_types.h" #include "tensorflow/core/platform/logging.h" @@ -166,7 +167,6 @@ template <typename Device> Status DoTransposeImpl(const Device& d, const Tensor& in, const gtl::ArraySlice<int32> perm, bool conjugate, Tensor* out) { - CHECK_GE(in.dims(), 2); CHECK_EQ(in.dims(), out->dims()); CHECK_EQ(in.dims(), perm.size()); CHECK_EQ(in.dtype(), out->dtype()); @@ -247,7 +247,6 @@ inline Status DoMatrixTransposeImpl(const Device& device, const Tensor& in, return DoTransposeImpl(device, in, perm, conjugate, out); } - } // namespace internal } // namespace tensorflow
tensorflow/python/kernel_tests/transpose_op_test.py+4 −0 modified@@ -379,6 +379,8 @@ def testDouble(self): np.arange(0, 16).reshape([1, 2, 1, 2, 1, 2, 1, 2]).astype(np.float64)) def testComplex64(self): + self._testBoth(np.array(np.complex(1, 2)).astype(np.complex64)) + self._testBoth(np.complex(1, 2) * np.arange(0, 21).astype(np.complex64)) self._testBoth( np.complex(1, 2) * np.arange(0, 21).reshape([3, 7]).astype(np.complex64)) @@ -390,6 +392,8 @@ def testComplex64(self): np.arange(0, 1260).reshape([2, 3, 5, 7, 2, 3]).astype(np.complex64)) def testComplex128(self): + self._testBoth(np.array(np.complex(1, 2)).astype(np.complex128)) + self._testBoth(np.complex(1, 2) * np.arange(0, 21).astype(np.complex128)) self._testBoth( np.complex(1, 2) * np.arange(0, 21).reshape([3, 7]).astype(np.complex128))
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
9- github.com/advisories/GHSA-xqfj-cr6q-pc8wghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-29618ghsaADVISORY
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-546.yamlghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-744.yamlghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-255.yamlghsaWEB
- github.com/tensorflow/issues/42105ghsax_refsource_MISCWEB
- github.com/tensorflow/issues/46973ghsax_refsource_MISCWEB
- github.com/tensorflow/tensorflow/commit/1dc6a7ce6e0b3e27a7ae650bfc05b195ca793f88ghsax_refsource_MISCWEB
- github.com/tensorflow/tensorflow/security/advisories/GHSA-xqfj-cr6q-pc8wghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.