{"id":"CVE-2021-29616","details":"TensorFlow is an end-to-end open source platform for machine learning. The implementation of TrySimplify(https://github.com/tensorflow/tensorflow/blob/c22d88d6ff33031aa113e48aa3fc9aa74ed79595/tensorflow/core/grappler/optimizers/arithmetic_optimizer.cc#L390-L401) has undefined behavior due to dereferencing a null pointer in corner cases that result in optimizing a node with no inputs. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.","aliases":["BIT-tensorflow-2021-29616","GHSA-4hvv-7x94-7vq8","PYSEC-2021-253","PYSEC-2021-544","PYSEC-2021-742"],"modified":"2026-04-11T17:25:50.478727Z","published":"2021-05-14T20:15:16.173Z","related":["GHSA-4hvv-7x94-7vq8"],"references":[{"type":"FIX","url":"https://github.com/tensorflow/tensorflow/commit/e6340f0665d53716ef3197ada88936c2a5f7a2d3"},{"type":"FIX","url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4hvv-7x94-7vq8"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/tensorflow/tensorflow","events":[{"introduced":"0"},{"fixed":"0931ea3d985bb9c8fdd054a5e29c4129623c849b"},{"introduced":"2b96f3662bd776e277f86997659e61046b56c315"},{"fixed":"cfe0c80169ae984bcdc99ff6de7444164aaa8e07"},{"introduced":"b36436b087bd8e8701ef51718179037cccdfc26e"},{"fixed":"3929ffacfbef7c431e8397920d040aaf47acff19"},{"introduced":"582c8d236cb079023657287c318ff26adb239002"},{"fixed":"1923123d32ea41d92b70a27a3f6ecf0763b56f6c"},{"fixed":"e6340f0665d53716ef3197ada88936c2a5f7a2d3"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.1.4"},{"introduced":"2.2.0"},{"fixed":"2.2.3"},{"introduced":"2.3.0"},{"fixed":"2.3.3"},{"introduced":"2.4.0"},{"fixed":"2.4.2"}]}}],"versions":["0.5.0","0.6.0","v1.1.0-rc1","v1.1.0-rc2","v1.12.1","v1.6.0-rc1","v1.9.0-rc2","v2.1.0","v2.1.0-rc0","v2.1.0-rc1","v2.1.0-rc2","v2.1.1","v2.1.2","v2.1.3","v2.2.0","v2.2.1","v2.2.2","v2.3.0","v2.3.1","v2.3.2","v2.4.0","v2.4.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-29616.json","vanir_signatures":[{"source":"https://github.com/tensorflow/tensorflow/commit/e6340f0665d53716ef3197ada88936c2a5f7a2d3","id":"CVE-2021-29616-73aaa670","digest":{"threshold":0.9,"line_hashes":["26305074956329630734423651456250320701","195838517795184843020328868693308287906","228121236678662730637858375062173376043","96955353585943261159375982491436489217","101805332762642374652257474092789059805","236917104832034198106961998847312695724","99926767946249385723561591948441584488","262870198875093489438226091671335747005"]},"signature_version":"v1","deprecated":false,"signature_type":"Line","target":{"file":"tensorflow/core/grappler/optimizers/arithmetic_optimizer.cc"}},{"source":"https://github.com/tensorflow/tensorflow/commit/e6340f0665d53716ef3197ada88936c2a5f7a2d3","id":"CVE-2021-29616-8d66c8c0","digest":{"function_hash":"150813997783077556352509596355778769763","length":923},"signature_version":"v1","deprecated":false,"signature_type":"Function","target":{"function":"DependencyOptimizer::SafeToRemoveIdentity","file":"tensorflow/core/grappler/optimizers/dependency_optimizer.cc"}},{"source":"https://github.com/tensorflow/tensorflow/commit/e6340f0665d53716ef3197ada88936c2a5f7a2d3","id":"CVE-2021-29616-cd3e50e8","digest":{"threshold":0.9,"line_hashes":["2401653459520645833144423963895981966","90505323192200531526424843884349387215","320945327785604285102380465875401687296","210373789839532566124978460108653185281"]},"signature_version":"v1","deprecated":false,"signature_type":"Line","target":{"file":"tensorflow/core/grappler/optimizers/dependency_optimizer.cc"}}],"vanir_signatures_modified":"2026-04-11T17:25:50Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}