{"id":"CVE-2021-29512","details":"TensorFlow is an end-to-end open source platform for machine learning. If the `splits` argument of `RaggedBincount` does not specify a valid [`SparseTensor`](https://www.tensorflow.org/api_docs/python/tf/sparse/SparseTensor), then an attacker can trigger a heap buffer overflow. This will cause a read from outside the bounds of the `splits` tensor buffer in the [implementation of the `RaggedBincount` op](https://github.com/tensorflow/tensorflow/blob/8b677d79167799f71c42fd3fa074476e0295413a/tensorflow/core/kernels/bincount_op.cc#L430-L433). Before the `for` loop, `batch_idx` is set to 0. The user controls the `splits` array, making it contain only one element, 0. Thus, the code in the `while` loop would increment `batch_idx` and then try to read `splits(1)`, which is outside of bounds. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2 and TensorFlow 2.3.3, as these are also affected.","aliases":["BIT-tensorflow-2021-29512","GHSA-4278-2v5v-65r4","PYSEC-2021-149","PYSEC-2021-440","PYSEC-2021-638"],"modified":"2026-04-12T02:45:44.593584Z","published":"2021-05-14T19:15:07.753Z","related":["GHSA-4278-2v5v-65r4"],"references":[{"type":"FIX","url":"https://github.com/tensorflow/tensorflow/commit/eebb96c2830d48597d055d247c0e9aebaea94cd5"},{"type":"FIX","url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4278-2v5v-65r4"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/tensorflow/tensorflow","events":[{"introduced":"b36436b087bd8e8701ef51718179037cccdfc26e"},{"fixed":"3929ffacfbef7c431e8397920d040aaf47acff19"},{"introduced":"582c8d236cb079023657287c318ff26adb239002"},{"fixed":"1923123d32ea41d92b70a27a3f6ecf0763b56f6c"},{"fixed":"eebb96c2830d48597d055d247c0e9aebaea94cd5"}],"database_specific":{"extracted_events":[{"introduced":"2.3.0"},{"fixed":"2.3.3"},{"introduced":"2.4.0"},{"fixed":"2.4.2"}],"cpe":"cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*","source":["CPE_FIELD","REFERENCES"]}}],"versions":["v2.3.0","v2.3.1","v2.3.2","v2.4.0","v2.4.1"],"database_specific":{"vanir_signatures":[{"deprecated":false,"id":"CVE-2021-29512-e78c135e","digest":{"threshold":0.9,"line_hashes":["50071248545797929442961525939004416823","313533363499102381398855757400300590347","34732738541755971658578122202906975538"]},"target":{"file":"tensorflow/core/kernels/bincount_op.cc"},"source":"https://github.com/tensorflow/tensorflow/commit/eebb96c2830d48597d055d247c0e9aebaea94cd5","signature_version":"v1","signature_type":"Line"}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-29512.json","vanir_signatures_modified":"2026-04-12T02:45:44Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}