{"id":"CVE-2021-37686","details":"TensorFlow is an end-to-end open source platform for machine learning. In affected versions the strided slice implementation in TFLite has a logic bug which can allow an attacker to trigger an infinite loop. This arises from newly introduced support for [ellipsis in axis definition](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/strided_slice.cc#L103-L122). An attacker can craft a model such that `ellipsis_end_idx` is smaller than `i` (e.g., always negative). In this case, the inner loop does not increase `i` and the `continue` statement causes execution to skip over the preincrement at the end of the outer loop. We have patched the issue in GitHub commit dfa22b348b70bb89d6d6ec0ff53973bacb4f4695. TensorFlow 2.6.0 is the only affected version.","aliases":["BIT-tensorflow-2021-37686","GHSA-mhhc-q96p-mfm9","PYSEC-2021-308","PYSEC-2021-599","PYSEC-2021-797"],"modified":"2026-03-13T22:00:26.808193Z","published":"2021-08-12T22:15:08.967Z","related":["GHSA-mhhc-q96p-mfm9","openSUSE-SU-2022:10014-1","openSUSE-SU-2024:12116-1"],"references":[{"type":"ADVISORY","url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mhhc-q96p-mfm9"},{"type":"FIX","url":"https://github.com/tensorflow/tensorflow/commit/dfa22b348b70bb89d6d6ec0ff53973bacb4f4695"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/tensorflow/tensorflow","events":[{"introduced":"b36436b087bd8e8701ef51718179037cccdfc26e"},{"fixed":"7462dcaae1e8cfe1dfd0c62dd6083f9749a9d827"},{"introduced":"582c8d236cb079023657287c318ff26adb239002"},{"fixed":"4c0b84bf2a714bcdd18da1f1f94d533d72399d52"},{"introduced":"0"},{"last_affected":"a4dfb8d1a71385bd6d122e4f27f86dcebb96712d"},{"introduced":"0"},{"last_affected":"a5317d67e6ce6e93de18011bfdcdd4ff7aa894cf"},{"introduced":"0"},{"last_affected":"79f2d3a179ac6ea6b4c3d07b6849afad4e8730cd"},{"introduced":"0"},{"last_affected":"5368d50428b30b7c9ccd038aec65d09252d16596"},{"fixed":"dfa22b348b70bb89d6d6ec0ff53973bacb4f4695"}],"database_specific":{"versions":[{"introduced":"2.3.0"},{"fixed":"2.3.4"},{"introduced":"2.4.0"},{"fixed":"2.4.3"},{"introduced":"0"},{"last_affected":"2.5.0"},{"introduced":"0"},{"last_affected":"2.6.0-rc0"},{"introduced":"0"},{"last_affected":"2.6.0-rc1"},{"introduced":"0"},{"last_affected":"2.6.0-rc2"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-37686.json","vanir_signatures":[{"digest":{"function_hash":"143544202537313204508406830693510476432","length":928},"source":"https://github.com/tensorflow/tensorflow/commit/dfa22b348b70bb89d6d6ec0ff53973bacb4f4695","signature_version":"v1","deprecated":false,"signature_type":"Function","id":"CVE-2021-37686-0b110a7b","target":{"file":"tensorflow/lite/kernels/pooling.cc","function":"AverageEvalQuantizedUint8"}},{"digest":{"function_hash":"317214675110872046061693038213884369092","length":1728},"source":"https://github.com/tensorflow/tensorflow/commit/dfa22b348b70bb89d6d6ec0ff53973bacb4f4695","signature_version":"v1","deprecated":false,"signature_type":"Function","id":"CVE-2021-37686-1aaff6ed","target":{"file":"tensorflow/lite/kernels/internal/reference/integer_ops/pooling.h","function":"AveragePool"}},{"digest":{"function_hash":"321315077331483339639689115985628254583","length":942},"source":"https://github.com/tensorflow/tensorflow/commit/dfa22b348b70bb89d6d6ec0ff53973bacb4f4695","signature_version":"v1","deprecated":false,"signature_type":"Function","id":"CVE-2021-37686-1f3cbca2","target":{"file":"tensorflow/lite/kernels/pooling.cc","function":"AverageEvalQuantizedInt8"}},{"digest":{"function_hash":"263527065909926952938739376439608543704","length":3475},"source":"https://github.com/tensorflow/tensorflow/commit/dfa22b348b70bb89d6d6ec0ff53973bacb4f4695","signature_version":"v1","deprecated":false,"signature_type":"Function","id":"CVE-2021-37686-224c70af","target":{"file":"tensorflow/lite/kernels/internal/optimized/integer_ops/pooling.h","function":"AveragePool"}},{"digest":{"threshold":0.9,"line_hashes":["299666033148654188996992585554673153789","160731831032962662493661453079735735172","304501883202949003973770721996025683744","32704760779852204755950989013105065132","91307159360382347184990090999597059316","38969049301477277839386979473355490727","254472421294782186261688992459505672677","124174043409814447459430820654771205494","45289104276074418355786856027973441572"]},"source":"https://github.com/tensorflow/tensorflow/commit/dfa22b348b70bb89d6d6ec0ff53973bacb4f4695","signature_version":"v1","deprecated":false,"signature_type":"Line","id":"CVE-2021-37686-35dcf542","target":{"file":"tensorflow/lite/kernels/internal/averagepool_quantized_test.cc"}},{"digest":{"function_hash":"251826010013058484973394236524624980969","length":851},"source":"https://github.com/tensorflow/tensorflow/commit/dfa22b348b70bb89d6d6ec0ff53973bacb4f4695","signature_version":"v1","deprecated":false,"signature_type":"Function","id":"CVE-2021-37686-4e6c64db","target":{"file":"tensorflow/lite/kernels/pooling.cc","function":"AverageEvalQuantizedInt16"}},{"digest":{"threshold":0.9,"line_hashes":["58160071227191133710247258424898720219","221303420282560162897193183777257560180","238344735739119659765184536430107555428","312488091052101231167480429301031579673","118989298305319855228371305955859934731","150311510848961006252330820345688364175","338999901173074051597889452106985941656","168534343867078671822421113271999832407","8434539235143823467564852999938875874","275881278853309565458405128121063102257","191939913379233452897610430999685705336","223274156695616404735873218589514963801","134548628968116778797838431939527333308","334403956954520218001429730294327817841","306522969949105517268324884749470665999","315893757410299931851314000033654581204","225172650585130755590371615157756737466","130803183361694072045646490750115072083","271599995586489163553561785969443728110","317602688454682269876974179797720827766","714104165807350826634564775855549625","3171096699164061570528811705389178391","39899925370138294602834733778262466728","306521673366807587921966264349694795971","57188689911492459917129816822059621276","234123226939689609481251363067037954563","89855486150965415630218258732545421282","64299216301905180462902310812018510816","137859064370951004078838172083981761328","150883302697097430163700130988064785895","258788741431234282224402442360671994194","156995870437377231715523888954504534034","241080059691349686590742116510823109251","162351739150682085394743060147443899980","83495060877905114453686333572816169889","251962967068890413536903947142980063435","235656452082402070833688960470720649572","275881278853309565458405128121063102257","191939913379233452897610430999685705336","223274156695616404735873218589514963801","134548628968116778797838431939527333308","207618430807046733506708081182961619807","276908958195382199926387780253749031333","33970245830395231090454663751823182797","185221978679746446272884303483658206721","265774516019865954950121492980248252193","139884511250953876436698163122019642785","156249074965799545956216275591756630241","278751575702635853602077421994369796823","3171096699164061570528811705389178391","39899925370138294602834733778262466728","306521673366807587921966264349694795971","57188689911492459917129816822059621276","234123226939689609481251363067037954563","23409601368802221844592391863085590368","130690162479414800160244704067554032776","54096097260268341671718158435267712406","28420860715824291312242953237934670375","337895001094351150149404995907554396467","177359753558644547157151588117564810559","162351739150682085394743060147443899980","83495060877905114453686333572816169889","251962967068890413536903947142980063435","235656452082402070833688960470720649572","275881278853309565458405128121063102257","191939913379233452897610430999685705336","223274156695616404735873218589514963801","134548628968116778797838431939527333308","207618430807046733506708081182961619807","276908958195382199926387780253749031333","33970245830395231090454663751823182797","304475299257065868750565392142078782302","160165104682333595657808790928690480719","10208968675065822990605935289274727617","21705319581947566193321948516337360653","134499056175873870811864697408291127912","339991776203425590758311037172495392142","337966883707135533980393368809053769386","169823753621988967313339365526884352324","211233782235166079123413626204974513040","234123226939689609481251363067037954563","325419287693950881796926056886042407404","259151700177029071235395167654595384098","218868555274133361264836359217659535353","132652023040154102587700436295554866038","258788741431234282224402442360671994194","156995870437377231715523888954504534034","98980765144634462396885867433994847527","48685496446910633732105156723942050540","222595765850937694487836087242347414937","120863205665662338522594917547152859569","235656452082402070833688960470720649572","275881278853309565458405128121063102257","191939913379233452897610430999685705336","223274156695616404735873218589514963801","134548628968116778797838431939527333308","207618430807046733506708081182961619807","276908958195382199926387780253749031333","33970245830395231090454663751823182797","320543202991204050439853847304913948247","137318806791704863505478515751574329443","309548610557918372156183979000339759117","91376619472408313041565087531798826275","167875516485735563826133046033873108388","261038997366626683071520949703386152709","27880051360680233525759291772053354703","51337622272622314815765401288108572624","253175877104263081559608338456020863940","207608488806454509069588392894330036999","172412140123968163997178348817949150447","323108022667330578957484382991332413655","146057689065397072745517895346219028119","163984864969649007180893519063481217077","156243477237481532586864633732642736071","61234019073493747477809195340935229507","50859535080940420037791529169403259856","255424802829512435423084057484858997347","252953463674660382937339851888871431304","155834395734796570958394583332064104676","257407548644683543125297021123871997718","262546218167776635792786615141747099840","99079943789945151623486375930065226550","275772475281896765372314851151613083539"]},"source":"https://github.com/tensorflow/tensorflow/commit/dfa22b348b70bb89d6d6ec0ff53973bacb4f4695","signature_version":"v1","deprecated":false,"signature_type":"Line","id":"CVE-2021-37686-5c52425e","target":{"file":"tensorflow/lite/kernels/pooling.cc"}},{"digest":{"function_hash":"94122823871109461736715440408812454391","length":995},"source":"https://github.com/tensorflow/tensorflow/commit/dfa22b348b70bb89d6d6ec0ff53973bacb4f4695","signature_version":"v1","deprecated":false,"signature_type":"Function","id":"CVE-2021-37686-63ca8edc","target":{"file":"tensorflow/lite/kernels/pooling.cc","function":"AverageEval"}},{"digest":{"threshold":0.9,"line_hashes":["22585841779318832729693128947916886710","141513922788160349343974608867310196802","305059717153399730593497396310550613176","286363132166224817571868948686095346769","294023376140085865225475220000991994148","274018213606261858323554903938540835644","249984370597416901532483435583104643449","552281486270336815791889307539878396","108587633537507210242609878158511307392","108587633537507210242609878158511307392","289662629843683621356617509243756963638","151387386607403744712610492438593917632","136293728782923691951979337345538175076","223414696618547175448977176810815385471","294023376140085865225475220000991994148","164204480203692930796000102922605339359","118519164792929408858927979327278089549","313632599200890850832085529780081347921","108587633537507210242609878158511307392","108587633537507210242609878158511307392","270968754962739875187271081689903488428","52701061794074738477928566913258557469"]},"source":"https://github.com/tensorflow/tensorflow/commit/dfa22b348b70bb89d6d6ec0ff53973bacb4f4695","signature_version":"v1","deprecated":false,"signature_type":"Line","id":"CVE-2021-37686-6cde6c0c","target":{"file":"tensorflow/lite/kernels/internal/reference/pooling.h"}},{"digest":{"threshold":0.9,"line_hashes":["85291634787394905160521909685951700550","135242719497681266152389821377158675371","289129364340600444519888726102762129656","286363132166224817571868948686095346769","338962539197245228622232513358863247441","32410634013237191719669261278953205302","241080034841598816979700689773775317111","169726345396619110913338672676887806205","291311887410597682533370607102211528014","41771111956811776306130129441074186498","151387386607403744712610492438593917632","189280893654575625456190359661892763439","164941623831334094591218889046118730597","177499191333874275064628029166703549817","11665764458397870535395669709441646915","55843782485032455927841764297663545393","314526150291616197774612989321853455649","108587633537507210242609878158511307392","108587633537507210242609878158511307392","294134969024749742560571913477803685924","86707825450656005522744744525543333446"]},"source":"https://github.com/tensorflow/tensorflow/commit/dfa22b348b70bb89d6d6ec0ff53973bacb4f4695","signature_version":"v1","deprecated":false,"signature_type":"Line","id":"CVE-2021-37686-6de82c83","target":{"file":"tensorflow/lite/kernels/internal/optimized/optimized_ops.h"}},{"digest":{"function_hash":"17339417511016544599260009349421563105","length":458},"source":"https://github.com/tensorflow/tensorflow/commit/dfa22b348b70bb89d6d6ec0ff53973bacb4f4695","signature_version":"v1","deprecated":false,"signature_type":"Function","id":"CVE-2021-37686-7ee39cca","target":{"file":"tensorflow/lite/kernels/internal/averagepool_quantized_test.cc","function":"RunOneAveragePoolTest"}},{"digest":{"threshold":0.9,"line_hashes":["209250687392870336237250877960048617122","144963577092979834396747043483945371047","175704823184715384312410500372102926719","289292731314929749991553620331020286862","41924137364585302987598194774796591468","80675239996141308339216723336204441726","257059100437433735111365041024881500755","113496942286884331980646283345011811465","279450833056707458959808554117120263654","92222453028202031162019227388633462564","204012571320305386037558122206570194344","3043418236370500933798803972533684560","150431427620908877454909438156414642412","40710612025087163026829003520912619009","70194921987361446446021277281697801972","48321691684680548016381520856130827781","8559132062614801290475379411264201044","67616540733581249326827236842054114405","224543152747532272629693676960329215083","210026851136911945756943945061629977372","294665998996778108859956030873613034905","100394875287271822115594024480924792438","317050728733654676928126044973395601206","127299874967651951727895647182868680556","207367473785136869286825490548326240616","42577033737094876645890837331869006568","98739598984299648928152123449352990404","18711687562495917974171629985762914843","173988874150595483481937734841203750515","42826234175958644795177805966577897872","89479189836653797743796436291134007564","273751260762597253556705900906961052061","329772047705327721520349749969539271417","113496942286884331980646283345011811465","221501581695731126398109145825575785946","150490694623824343995238651708303172881","302200045180119770035395563718273482614","299892821929003525801030650986899682184","82290460401003866745635470414207156125","311652739141765837667918792784781682545","183222135935687799371743628648862481629","104985535966397994778003522074258029222","223216804349758664622701449748913364417","214264263180291010016597409811563621632","309461251710473340128500286135077345369","149910860113954790264139996598036660136","124585023097540349483414850059453929752","186420334287646593734476756969257603864","228057166000270892069223514270209356213","220368707422750291135100373310418789894","48941506863989725710486236336436518958","309685339677161406458107774198591107305","278273197991267264548073627832300769931","237072723238287953668969437972002655267"]},"source":"https://github.com/tensorflow/tensorflow/commit/dfa22b348b70bb89d6d6ec0ff53973bacb4f4695","signature_version":"v1","deprecated":false,"signature_type":"Line","id":"CVE-2021-37686-89f247f0","target":{"file":"tensorflow/lite/kernels/internal/optimized/legacy_optimized_ops.h"}},{"digest":{"threshold":0.9,"line_hashes":["289662629843683621356617509243756963638","267273761198098267171950869193988116510","310052609795220497218570092969178672505","137013471385547872901666046902649251687","177499191333874275064628029166703549817","11665764458397870535395669709441646915","340169638648570725545437219336111323724","74371351911076327587717694596545226922","108587633537507210242609878158511307392","108587633537507210242609878158511307392","108587633537507210242609878158511307392","108587633537507210242609878158511307392"]},"source":"https://github.com/tensorflow/tensorflow/commit/dfa22b348b70bb89d6d6ec0ff53973bacb4f4695","signature_version":"v1","deprecated":false,"signature_type":"Line","id":"CVE-2021-37686-8adfb14e","target":{"file":"tensorflow/lite/kernels/internal/optimized/integer_ops/pooling.h"}},{"digest":{"threshold":0.9,"line_hashes":["12424960639106247522867624451248419453","4086934822090644806235735394467736290","175704823184715384312410500372102926719","289292731314929749991553620331020286862","41924137364585302987598194774796591468","80675239996141308339216723336204441726","257059100437433735111365041024881500755","29476965642401382303681784608667389533","275824948296086955531090492211131849204","65283019082745970591366812672824662383","92222453028202031162019227388633462564","204012571320305386037558122206570194344","3043418236370500933798803972533684560","150431427620908877454909438156414642412","40710612025087163026829003520912619009","70194921987361446446021277281697801972","48321691684680548016381520856130827781","8559132062614801290475379411264201044","67616540733581249326827236842054114405","224543152747532272629693676960329215083","210026851136911945756943945061629977372","294665998996778108859956030873613034905","100394875287271822115594024480924792438","317050728733654676928126044973395601206","127299874967651951727895647182868680556","207367473785136869286825490548326240616","42577033737094876645890837331869006568","98739598984299648928152123449352990404","18711687562495917974171629985762914843","173988874150595483481937734841203750515","42826234175958644795177805966577897872","89479189836653797743796436291134007564","273751260762597253556705900906961052061","329772047705327721520349749969539271417","113496942286884331980646283345011811465","221501581695731126398109145825575785946","150490694623824343995238651708303172881","302200045180119770035395563718273482614","299892821929003525801030650986899682184","82290460401003866745635470414207156125","311652739141765837667918792784781682545","183222135935687799371743628648862481629","104985535966397994778003522074258029222","223216804349758664622701449748913364417","214264263180291010016597409811563621632","309461251710473340128500286135077345369","149910860113954790264139996598036660136","124585023097540349483414850059453929752","186420334287646593734476756969257603864","228057166000270892069223514270209356213","220368707422750291135100373310418789894","48941506863989725710486236336436518958","309685339677161406458107774198591107305","278273197991267264548073627832300769931","237072723238287953668969437972002655267"]},"source":"https://github.com/tensorflow/tensorflow/commit/dfa22b348b70bb89d6d6ec0ff53973bacb4f4695","signature_version":"v1","deprecated":false,"signature_type":"Line","id":"CVE-2021-37686-97e2409b","target":{"file":"tensorflow/lite/kernels/internal/reference/legacy_reference_ops.h"}},{"digest":{"function_hash":"17439458750952764376606597375665797411","length":1692},"source":"https://github.com/tensorflow/tensorflow/commit/dfa22b348b70bb89d6d6ec0ff53973bacb4f4695","signature_version":"v1","deprecated":false,"signature_type":"Function","id":"CVE-2021-37686-9ec74491","target":{"file":"tensorflow/lite/kernels/internal/reference/pooling.h","function":"AveragePool"}},{"digest":{"function_hash":"275828509715379953373598663087774646744","length":884},"source":"https://github.com/tensorflow/tensorflow/commit/dfa22b348b70bb89d6d6ec0ff53973bacb4f4695","signature_version":"v1","deprecated":false,"signature_type":"Function","id":"CVE-2021-37686-ea65e26a","target":{"file":"tensorflow/lite/kernels/pooling.cc","function":"AverageEvalFloat"}},{"digest":{"threshold":0.9,"line_hashes":["197472279584491139139237372878300586466","75499020925283997433852483929592133830","295593396898860360314186776829462284855","207391343531448723279466109333221764075","294023376140085865225475220000991994148","189137157732218156505515742140491234067","113720113017316484369663474892748975294","155671379866496532469147437374057361192","108587633537507210242609878158511307392","108587633537507210242609878158511307392","294134969024749742560571913477803685924","25854777166897224312538055161177688207","289662629843683621356617509243756963638","151387386607403744712610492438593917632","198009038329364723492647381589005248216","340000032386220488548456609043905741770","294023376140085865225475220000991994148","189137157732218156505515742140491234067","113720113017316484369663474892748975294","155671379866496532469147437374057361192","108587633537507210242609878158511307392","108587633537507210242609878158511307392","294134969024749742560571913477803685924","97575272232065022733356911216181803351"]},"source":"https://github.com/tensorflow/tensorflow/commit/dfa22b348b70bb89d6d6ec0ff53973bacb4f4695","signature_version":"v1","deprecated":false,"signature_type":"Line","id":"CVE-2021-37686-eb40428f","target":{"file":"tensorflow/lite/kernels/internal/reference/integer_ops/pooling.h"}},{"digest":{"function_hash":"317214675110872046061693038213884369092","length":1728},"source":"https://github.com/tensorflow/tensorflow/commit/dfa22b348b70bb89d6d6ec0ff53973bacb4f4695","signature_version":"v1","deprecated":false,"signature_type":"Function","id":"CVE-2021-37686-ec2833dd","target":{"file":"tensorflow/lite/kernels/internal/reference/integer_ops/pooling.h","function":"AveragePool"}},{"digest":{"function_hash":"155016450236671551127786071402055702056","length":1534},"source":"https://github.com/tensorflow/tensorflow/commit/dfa22b348b70bb89d6d6ec0ff53973bacb4f4695","signature_version":"v1","deprecated":false,"signature_type":"Function","id":"CVE-2021-37686-f2c88947","target":{"file":"tensorflow/lite/kernels/internal/reference/pooling.h","function":"AveragePool"}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}