{"id":"CVE-2021-29512","details":"TensorFlow is an end-to-end open source platform for machine learning. If the `splits` argument of `RaggedBincount` does not specify a valid `SparseTensor`(https://www.tensorflow.org/api_docs/python/tf/sparse/SparseTensor), then an attacker can trigger a heap buffer overflow. This will cause a read from outside the bounds of the `splits` tensor buffer in the implementation of the `RaggedBincount` op(https://github.com/tensorflow/tensorflow/blob/8b677d79167799f71c42fd3fa074476e0295413a/tensorflow/core/kernels/bincount_op.cc#L430-L433). Before the `for` loop, `batch_idx` is set to 0. The user controls the `splits` array, making it contain only one element, 0. Thus, the code in the `while` loop would increment `batch_idx` and then try to read `splits(1)`, which is outside of bounds. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2 and TensorFlow 2.3.3, as these are also affected.","aliases":["BIT-tensorflow-2021-29512","GHSA-4278-2v5v-65r4","PYSEC-2021-149","PYSEC-2021-440","PYSEC-2021-638"],"modified":"2026-04-11T17:12:36.669640Z","published":"2021-05-14T19:15:07.753Z","related":["GHSA-4278-2v5v-65r4"],"references":[{"type":"FIX","url":"https://github.com/tensorflow/tensorflow/commit/eebb96c2830d48597d055d247c0e9aebaea94cd5"},{"type":"FIX","url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4278-2v5v-65r4"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/tensorflow/tensorflow","events":[{"introduced":"b36436b087bd8e8701ef51718179037cccdfc26e"},{"fixed":"3929ffacfbef7c431e8397920d040aaf47acff19"},{"introduced":"582c8d236cb079023657287c318ff26adb239002"},{"fixed":"1923123d32ea41d92b70a27a3f6ecf0763b56f6c"},{"fixed":"eebb96c2830d48597d055d247c0e9aebaea94cd5"}],"database_specific":{"versions":[{"introduced":"2.3.0"},{"fixed":"2.3.3"},{"introduced":"2.4.0"},{"fixed":"2.4.2"}]}}],"versions":["v2.3.0","v2.3.1","v2.3.2","v2.4.0","v2.4.1"],"database_specific":{"vanir_signatures":[{"signature_type":"Line","digest":{"line_hashes":["50071248545797929442961525939004416823","313533363499102381398855757400300590347","34732738541755971658578122202906975538"],"threshold":0.9},"id":"CVE-2021-29512-e78c135e","source":"https://github.com/tensorflow/tensorflow/commit/eebb96c2830d48597d055d247c0e9aebaea94cd5","target":{"file":"tensorflow/core/kernels/bincount_op.cc"},"deprecated":false,"signature_version":"v1"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-29512.json","vanir_signatures_modified":"2026-04-11T17:12:36Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}