High severityNVD Advisory· Published Aug 12, 2021· Updated Aug 4, 2024

Null pointer dereference in `SparseTensorSliceDataset` in TensorFlow

CVE-2021-37647

Description

TensorFlow is an end-to-end open source platform for machine learning. When a user does not supply arguments that determine a valid sparse tensor, tf.raw_ops.SparseTensorSliceDataset implementation can be made to dereference a null pointer. The implementation has some argument validation but fails to consider the case when either indices or values are provided for an empty sparse tensor when the other is not. If indices is empty, then code that performs validation (i.e., checking that the indices are monotonically increasing) results in a null pointer dereference. If indices as provided by the user is empty, then indices in the C++ code above is backed by an empty std::vector, hence calling indices->dim_size(0) results in null pointer dereferencing (same as calling std::vector::at() on an empty vector). We have patched the issue in GitHub commit 02cc160e29d20631de3859c6653184e3f876b9d7. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
tensorflowPyPI	< 2.3.4	2.3.4
tensorflowPyPI	>= 2.4.0, < 2.4.3	2.4.3
tensorflowPyPI	>= 2.5.0, < 2.5.1	2.5.1
tensorflow-cpuPyPI	< 2.3.4	2.3.4
tensorflow-cpuPyPI	>= 2.4.0, < 2.4.3	2.4.3
tensorflow-cpuPyPI	>= 2.5.0, < 2.5.1	2.5.1
tensorflow-gpuPyPI	< 2.3.4	2.3.4
tensorflow-gpuPyPI	>= 2.4.0, < 2.4.3	2.4.3
tensorflow-gpuPyPI	>= 2.5.0, < 2.5.1	2.5.1

Affected products

Tensorflow/Tensorflowv5
Range: >= 2.5.0, < 2.5.1

Patches

02cc160e29d2

Prevent nullptr deref in SparseTensorSliceDataset

https://github.com/tensorflow/tensorflowMihai MaruseacAug 3, 2021via ghsa

commit

2 files changed · +31 −0

tensorflow/core/kernels/data/sparse_tensor_slice_dataset_op.cc+11 −0 modified

@@ -241,6 +241,17 @@ class SparseTensorSliceDatasetOp : public DatasetOpKernel {
                 errors::InvalidArgument(
                     "Input indices should be a matrix but received shape ",
                     indices->shape().DebugString()));
+
+    const auto num_indices = indices->NumElements();
+    const auto num_values = values->NumElements();
+    if (num_indices == 0 || num_values == 0) {
+      OP_REQUIRES(ctx, num_indices == num_values,
+                  errors::InvalidArgument(
+                      "If indices or values are empty, the other one must also "
+                      "be. Got indices of shape ",
+                      indices->shape().DebugString(), " and values of shape ",
+                      values->shape().DebugString()));
+    }
     OP_REQUIRES(ctx, TensorShapeUtils::IsVector(values->shape()),
                 errors::InvalidArgument(
                     "Input values should be a vector but received shape ",

tensorflow/python/data/kernel_tests/from_sparse_tensor_slices_test.py+20 −0 modified

@@ -118,6 +118,26 @@ def testEmptySparseTensorSlices(self):
       with self.assertRaises(errors.OutOfRangeError):
         sess.run(get_next)
 
+  @combinations.generate(combinations.combine(tf_api_version=1, mode=["graph"]))
+  def testEmptySparseTensorSlicesInvalid(self):
+    """Test a dataset based on invalid `tf.sparse.SparseTensor`."""
+    st = array_ops.sparse_placeholder(dtypes.float64)
+    iterator = dataset_ops.make_initializable_iterator(
+        dataset_ops.Dataset.from_sparse_tensor_slices(st))
+    init_op = iterator.initializer
+
+    with self.cached_session() as sess:
+      # Test with an empty sparse tensor but with non empty values.
+      empty_indices = np.empty((0, 4), dtype=np.int64)
+      non_empty_values = [1, 2, 3, 4]
+      empty_dense_shape = [0, 4, 37, 9]
+      sparse_feed = sparse_tensor.SparseTensorValue(empty_indices,
+                                                    non_empty_values,
+                                                    empty_dense_shape)
+      # Here, we expect the test to fail when running the feed.
+      with self.assertRaises(errors.InvalidArgumentError):
+        sess.run(init_op, feed_dict={st: sparse_feed})
+
   @combinations.generate(combinations.combine(tf_api_version=2, mode=["eager"]))
   def testFromSparseTensorSlicesError(self):
     with self.assertRaises(AttributeError):

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/advisories/GHSA-c5x2-p679-95wcghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2021-37647ghsaADVISORY
github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-560.yamlghsaWEB
github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-758.yamlghsaWEB
github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-269.yamlghsaWEB
github.com/tensorflow/tensorflow/commit/02cc160e29d20631de3859c6653184e3f876b9d7ghsax_refsource_MISCWEB
github.com/tensorflow/tensorflow/security/advisories/GHSA-c5x2-p679-95wcghsax_refsource_CONFIRMWEB

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000