
CVE-2021-29533 : Security Advisory and Response

Learn about the TensorFlow DrawBoundingBoxes CHECK-fail vulnerability (CVE-2021-29533) affecting versions < 2.1.4, >= 2.2.0 < 2.2.3, >= 2.3.0 < 2.3.3, and >= 2.4.0 < 2.4.2. Impact rated LOW with CVSS base score 2.5. Mitigation steps provided.

TensorFlow is an open-source platform for machine learning. CVE-2021-29533 allows an attacker to trigger a denial of service by exploiting a CHECK failure in the DrawBoundingBoxes function. The vulnerability affects TensorFlow versions < 2.1.4, >= 2.2.0 and < 2.2.3, >= 2.3.0 and < 2.3.3, and >= 2.4.0 and < 2.4.2. The impact is rated as LOW with a CVSS base score of 2.5.

Understanding CVE-2021-29533

This section provides insights into the nature of the vulnerability and its implications.

What is CVE-2021-29533?

CVE-2021-29533 details a vulnerability in TensorFlow that can be exploited to cause a denial of service through a CHECK failure in the DrawBoundingBoxes function.

The Impact of CVE-2021-29533

The impact of this vulnerability is rated as LOW, with a CVSS base score of 2.5. An attacker could utilize this flaw to trigger a denial of service attack.

Technical Details of CVE-2021-29533

This section delves into the technical aspects of the vulnerability to provide a deeper understanding of its behavior and implications.

Vulnerability Description

The vulnerability arises from the use of CHECK_* assertions instead of OP_REQUIRES in the implementation, resulting in a denial of service when an empty image is passed to DrawBoundingBoxes.
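The CHECK_* versus OP_REQUIRES distinction above, shown as an added standalone example (not TensorFlow's code): a simplified Status type and mock macros (MOCK_CHECK, MOCK_OP_REQUIRES, both assumptions standing in for TensorFlow's) validate a 4-D image shape. The CHECK-style version aborts the process on an empty image; the OP_REQUIRES-style version returns an error the caller can handle.

```cpp
// Mock of the CHECK vs. OP_REQUIRES pattern; no TensorFlow headers are used.
#include <cstdio>
#include <cstdlib>
#include <string>
#include <utility>
#include <vector>

// Simplified stand-in (assumption) for TensorFlow's Status.
struct Status {
  bool ok;
  std::string msg;
  static Status OK() { return {true, ""}; }
  static Status InvalidArgument(std::string m) { return {false, std::move(m)}; }
};

// A tensor shape is just its dimension sizes: [batch, height, width, depth].
using Shape = std::vector<long>;

// CHECK-style assertion: a failed condition aborts the whole process, so any
// caller-controlled input that violates it becomes a denial of service.
#define MOCK_CHECK(cond) \
  do { if (!(cond)) { std::fprintf(stderr, "Check failed: %s\n", #cond); std::abort(); } } while (0)

// OP_REQUIRES-style check: a failed condition records an error and returns
// from the kernel, leaving the process running.
#define MOCK_OP_REQUIRES(status_out, cond, err) \
  do { if (!(cond)) { *(status_out) = (err); return; } } while (0)

// Vulnerable pattern: an empty image (any zero dimension) kills the process.
void ValidateImageUnsafe(const Shape& images) {
  MOCK_CHECK(images.size() == 4);
  MOCK_CHECK(images[0] > 0 && images[1] > 0 && images[2] > 0 && images[3] > 0);
}

// Hardened pattern: the same conditions, reported as a returned error status.
void ValidateImageSafe(const Shape& images, Status* status) {
  *status = Status::OK();
  MOCK_OP_REQUIRES(status, images.size() == 4,
                   Status::InvalidArgument("images must be 4-D"));
  MOCK_OP_REQUIRES(status, images[0] > 0 && images[1] > 0 && images[2] > 0 && images[3] > 0,
                   Status::InvalidArgument("images must be non-empty"));
}

int main() {
  Status s;
  ValidateImageSafe({1, 0, 0, 3}, &s);  // constructed empty image: error, no abort
  std::printf("%s: %s\n", s.ok ? "ok" : "error", s.msg.c_str());
  ValidateImageSafe({2, 4, 4, 3}, &s);  // constructed valid image
  std::printf("%s\n", s.ok ? "ok" : "error");
  return 0;
}
```

ValidateImageUnsafe is deliberately not called from main, since feeding it the empty shape would abort the process, which is exactly the failure mode the fix removes.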

Affected Systems and Versions

The vulnerability affects TensorFlow versions < 2.1.4, >= 2.2.0 and < 2.2.3, >= 2.3.0 and < 2.3.3, and >= 2.4.0 and < 2.4.2.

Exploitation Mechanism

By triggering a CHECK failure through user-controlled inputs, an attacker can exploit the vulnerability to cause a denial of service by passing an empty image.

Mitigation and Prevention

This section outlines steps to mitigate the risks associated with CVE-2021-29533 and prevent potential exploitation.

Immediate Steps to Take

Users are advised to upgrade to TensorFlow version 2.5.0 or apply the necessary patches to prevent exploitation of the vulnerability.

Long-Term Security Practices

Incorporating secure coding practices, regular security audits, and monitoring for updates are essential for long-term security.

Patching and Updates

The fix for CVE-2021-29533 is included in TensorFlow 2.5.0. Additionally, the patch has been cherry-picked into TensorFlow versions 2.4.2, 2.3.3, 2.2.3, and 2.1.4 to address the vulnerability.
