Reference binding to nullptr in `RaggedTensorToSparse` in TensorFlow
Description
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior by binding a reference to a null pointer in `tf.raw_ops.RaggedTensorToSparse`. The implementation validates the splits values incompletely: it does not check that they are in increasing order. We have patched the issue in GitHub commit 1071f554dbd09f7e101324d366eec5f4fe5a3ece. The fix will be included in TensorFlow 2.6.0. We will also cherry-pick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
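A caller-side pre-check for the splits validation described above, as an added example that is not code from the advisory or from TensorFlow. The helper name `validate_nested_splits`, the empty-vector guard and the sample inputs are assumptions; it mirrors only the three checks visible in the fix (non-empty list, first value 0, non-decreasing values).

```python
from typing import List, Sequence


def validate_nested_splits(nested_splits: Sequence[Sequence[int]]) -> List[str]:
    """Return the problems found; an empty list means the splits pass.

    Hypothetical helper: it does not cover every check the kernel performs.
    """
    if len(nested_splits) == 0:
        return ["rt_nested_splits must be non empty"]
    problems: List[str] = []
    for i, splits in enumerate(nested_splits):
        # Added guard (assumption): avoid indexing an empty splits vector.
        if len(splits) == 0:
            problems.append(f"splits[{i}]: empty splits vector")
            continue
        if splits[0] != 0:
            problems.append(f"splits[{i}]: first value must be 0, got {splits[0]}")
        for j in range(1, len(splits)):
            if splits[j] < splits[j - 1]:
                problems.append(
                    f"splits[{i}]: not non-decreasing at index {j}: "
                    f"{splits[j - 1]} followed by {splits[j]}"
                )
                break  # one report per vector is enough
    return problems


# Constructed sample inputs (not taken from the advisory).
SAMPLES = {
    "well_formed": [[0, 2, 3], [0, 1, 1, 4]],
    "decreasing": [[0, 3, 2]],
    "bad_start": [[1, 2, 3]],
    "empty_list": [],
}

if __name__ == "__main__":
    for name, sample in SAMPLES.items():
        issues = validate_nested_splits(sample)
        print(name, "OK" if not issues else issues)
```

Running such a check on untrusted splits before they reach the op is a stopgap for deployments that cannot yet move to a patched version.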
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| tensorflow (PyPI) | < 2.3.4 | 2.3.4 |
| tensorflow (PyPI) | >= 2.4.0, < 2.4.3 | 2.4.3 |
| tensorflow (PyPI) | >= 2.5.0, < 2.5.1 | 2.5.1 |
| tensorflow-cpu (PyPI) | < 2.3.4 | 2.3.4 |
| tensorflow-cpu (PyPI) | >= 2.4.0, < 2.4.3 | 2.4.3 |
| tensorflow-cpu (PyPI) | >= 2.5.0, < 2.5.1 | 2.5.1 |
| tensorflow-gpu (PyPI) | < 2.3.4 | 2.3.4 |
| tensorflow-gpu (PyPI) | >= 2.4.0, < 2.4.3 | 2.4.3 |
| tensorflow-gpu (PyPI) | >= 2.5.0, < 2.5.1 | 2.5.1 |
Affected products
- Range: >= 2.5.0, < 2.5.1
Patches
1071f554dbd0: Add missing validation to `RaggedTensorToSparse`.
1 file changed · +11 −1
tensorflow/core/kernels/ragged_tensor_to_sparse_kernel.cc+11 −1 modified@@ -21,6 +21,7 @@ limitations under the License. #include "tensorflow/core/framework/register_types.h" #include "tensorflow/core/framework/tensor.h" #include "tensorflow/core/framework/tensor_shape.h" +#include "tensorflow/core/platform/errors.h" namespace tensorflow { @@ -38,7 +39,8 @@ class RaggedTensorToSparseOp : public OpKernel { OP_REQUIRES_OK( context, context->input_list("rt_nested_splits", &rt_nested_splits_in)); const int rt_nested_splits_len = rt_nested_splits_in.size(); - DCHECK_GT(rt_nested_splits_len, 0); // Enforced by REGISTER_OP. + OP_REQUIRES(context, rt_nested_splits_len > 0, + errors::InvalidArgument("rt_nested_splits must be non empty")); std::vector<ConstFlatSplits> rt_nested_splits; rt_nested_splits.reserve(rt_nested_splits_len); for (int i = 0; i < rt_nested_splits_len; ++i) { @@ -162,6 +164,14 @@ class RaggedTensorToSparseOp : public OpKernel { if (rt_nested_splits[i](0) != 0) { return InvalidArgument("First value of ragged splits must be 0."); } + for (int j = 1; j < rt_nested_splits[i].size(); ++j) { + if (rt_nested_splits[i](j) < rt_nested_splits[i](j - 1)) { + return InvalidArgument( + "Ragged splits should be non decreasing, but we got ", + rt_nested_splits[i](j - 1), " followed by ", + rt_nested_splits[i](j)); + } + } if (i > 0) { SPLITS_TYPE last_split = rt_nested_splits[i - 1](rt_nested_splits[i - 1].size() - 1);
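Review bot: the new `OP_REQUIRES(context, rt_nested_splits_len > 0, ...)` in the `@@ -38,7 +39,8 @@` hunk drops the old "Enforced by REGISTER_OP" comment without saying why a runtime check is now wanted on top of that. A one-line comment would help the next reader, for instance noting that the `DCHECK_GT` it replaces is a debug-only assertion and returns no error to the caller. The message would also read better as "non-empty".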
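Review bot: in the `@@ -162,6 +164,14 @@` hunk the loop index is declared `int j` but is compared against `rt_nested_splits[i].size()`; if `size()` returns a type wider than `int`, a very long splits vector would overflow `j` before the loop ends. Declare `j` with the same type as the size. The change also touches only the kernel file (1 file changed), so a regression test that feeds decreasing splits and expects `InvalidArgument` should accompany it.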
References
- github.com/advisories/GHSA-4xfp-4pfp-89wg (ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2021-37656 (ADVISORY)
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-569.yaml (WEB)
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-767.yaml (WEB)
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-278.yaml (WEB)
- github.com/tensorflow/tensorflow/commit/1071f554dbd09f7e101324d366eec5f4fe5a3ece (WEB)
- github.com/tensorflow/tensorflow/security/advisories/GHSA-4xfp-4pfp-89wg (WEB)