Release 2.4.2
This release introduces several vulnerability fixes:
- Fixes a heap buffer overflow in
RaggedBinCount(CVE-2021-29512) - Fixes a heap out of bounds write in
RaggedBinCount(CVE-2021-29514) - Fixes a type confusion during tensor casts which leads to dereferencing null pointers (CVE-2021-29513)
- Fixes a reference binding to null pointer in
MatrixDiag*ops (CVE-2021-29515) - Fixes a null pointer dereference via invalid Ragged Tensors (CVE-2021-29516)
- Fixes a division by zero in
Conv3D(CVE-2021-29517) - Fixes vulnerabilities where session operations in eager mode lead to null pointer dereferences (CVE-2021-29518)
- Fixes a
CHECK-fail inSparseCrosscaused by type confusion (CVE-2021-29519) - Fixes a segfault in
SparseCountSparseOutput(CVE-2021-29521) - Fixes a heap buffer overflow in
Conv3DBackprop*(CVE-2021-29520) - Fixes a division by 0 in
Conv3DBackprop*(CVE-2021-29522) - Fixes a
CHECK-fail inAddManySparseToTensorsMap(CVE-2021-29523) - Fixes a division by 0 in
Conv2DBackpropFilter(CVE-2021-29524) - Fixes a division by 0 in
Conv2DBackpropInput(CVE-2021-29525) - Fixes a division by 0 in
Conv2D(CVE-2021-29526) - Fixes a division by 0 in
QuantizedConv2D(CVE-2021-29527) - Fixes a division by 0 in
QuantizedMul(CVE-2021-29528) - Fixes vulnerabilities caused by invalid validation in
SparseMatrixSparseCholesky(CVE-2021-29530) - Fixes a heap buffer overflow caused by rounding (CVE-2021-29529)
- Fixes a
CHECK-fail intf.raw_ops.EncodePng(CVE-2021-29531) - Fixes a heap out of bounds read in
RaggedCross(CVE-2021-29532) - Fixes a
CHECK-fail inDrawBoundingBoxes(CVE-2021-29533) - Fixes a heap buffer overflow in
QuantizedMul(CVE-2021-29535) - Fixes a
CHECK-fail inSparseConcat(CVE-2021-29534) - Fixes a heap buffer overflow in
QuantizedResizeBilinear(CVE-2021-29537) - Fixes a heap buffer overflow in
QuantizedReshape(CVE-2021-29536) - Fixes a division by zero in
Conv2DBackpropFilter(CVE-2021-29538) - Fixes a heap buffer overflow in
Conv2DBackpropFilter(CVE-2021-29540) - Fixes a heap buffer overflow in
StringNGrams(CVE-2021-29542) - Fixes a null pointer dereference in
StringNGrams(CVE-2021-29541) - Fixes a
CHECK-fail inQuantizeAndDequantizeV4Grad(CVE-2021-29544) - Fixes a
CHECK-fail inCTCGreedyDecoder(CVE-2021-29543) - Fixes a heap buffer overflow in
SparseTensorToCSRSparseMatrix(CVE-2021-29545) - Fixes a division by 0 in
QuantizedBiasAdd(CVE-2021-29546) - Fixes a heap out of bounds in
QuantizedBatchNormWithGlobalNormalization(CVE-2021-29547) - Fixes a division by 0 in
QuantizedBatchNormWithGlobalNormalization(CVE-2021-29548) - Fixes a division by 0 in
QuantizedAdd(CVE-2021-29549) - Fixes a division by 0 in
FractionalAvgPool(CVE-2021-29550) - Fixes an OOB read in
MatrixTriangularSolve(CVE-2021-29551) - Fixes a heap OOB in
QuantizeAndDequantizeV3(CVE-2021-29553) - Fixes a
CHECK-failure inUnsortedSegmentJoin(CVE-2021-29552) - Fixes a division by 0 in
DenseCountSparseOutput(CVE-2021-29554) - Fixes a division by 0 in
FusedBatchNorm(CVE-2021-29555) - Fixes a division by 0 in
SparseMatMul(CVE-2021-29557) - Fixes a division by 0 in
Reverse(CVE-2021-29556) - Fixes a heap buffer overflow in
SparseSplit(CVE-2021-29558) - Fixes a heap OOB access in unicode ops (CVE-2021-29559)
- Fixes a heap buffer overflow in
RaggedTensorToTensor(CVE-2021-29560) - Fixes a
CHECK-fail inLoadAndRemapMatrix(CVE-2021-29561) - Fixes a
CHECK-fail intf.raw_ops.IRFFT(CVE-2021-29562) - Fixes a
CHECK-fail intf.raw_ops.RFFT(CVE-2021-29563) - Fixes a null pointer dereference in
EditDistance(CVE-2021-29564) - Fixes a null pointer dereference in
SparseFillEmptyRows(CVE-2021-29565) - Fixes a heap OOB access in
Dilation2DBackpropInput(CVE-2021-29566) - Fixes a reference binding to null in
ParameterizedTruncatedNormal(CVE-2021-29568) - Fixes a set of vulnerabilities caused by lack of validation in
SparseDenseCwiseMul(CVE-2021-29567) - Fixes a heap out of bounds read in
MaxPoolGradWithArgmax(CVE-2021-29570) - Fixes a heap out of bounds read in
RequantizationRange(CVE-2021-29569) - Fixes a memory corruption in
DrawBoundingBoxesV2(CVE-2021-29571) - Fixes a reference binding to nullptr in
SdcaOptimizer(CVE-2021-29572) - Fixes an overflow and a denial of service in
tf.raw_ops.ReverseSequence(CVE-2021-29575) - Fixes a division by 0 in
MaxPoolGradWithArgmax(CVE-2021-29573) - Fixes an undefined behavior in
MaxPool3DGradGrad(CVE-2021-29574) - Fixes a heap buffer overflow in
MaxPool3DGradGrad(CVE-2021-29576) - Fixes a heap buffer overflow in
AvgPool3DGrad(CVE-2021-29577) - Fixes an undefined behavior and a
CHECK-fail inFractionalMaxPoolGrad(CVE-2021-29580) - Fixes a heap buffer overflow in
FractionalAvgPoolGrad(CVE-2021-29578) - Fixes a heap buffer overflow in
MaxPoolGrad(CVE-2021-29579) - Fixes a segfault in
CTCBeamSearchDecoder(CVE-2021-29581) - Fixes a heap OOB read in
tf.raw_ops.Dequantize(CVE-2021-29582) - Fixes a
CHECK-fail due to integer overflow (CVE-2021-29584) - Fixes a heap buffer overflow and undefined behavior in
FusedBatchNorm(CVE-2021-29583) - Fixes a division by zero in padding computation in TFLite (CVE-2021-29585)
- Fixes a division by zero in optimized pooling implementations in TFLite (CVE-2021-29586)
- Fixes a division by zero in TFLite's implementation of
SpaceToDepth(CVE-2021-29587) - Fixes a division by zero in TFLite's implementation of
GatherNd(CVE-2021-29589) - Fixes a division by zero in TFLite's implementation of
TransposeConv(CVE-2021-29588) - Fixes a heap OOB read in TFLite's implementation of
MinimumorMaximum(CVE-2021-29590) - Fixes a null pointer dereference in TFLite's
Reshapeoperator (CVE-2021-29592) - Fixes a stack overflow due to looping TFLite subgraph (CVE-2021-29591)
- Fixes a division by zero in TFLite's implementation of
DepthToSpace(CVE-2021-29595) - Fixes a division by zero in TFLite's convolution code (CVE-2021-29594)
- Fixes a division by zero in TFLite's implementation of
EmbeddingLookup(CVE-2021-29596) - Fixes a division by zero in TFLite's implementation of
BatchToSpaceNd(CVE-2021-29593) - Fixes a division by zero in TFLite's implementation of
SpaceToBatchNd(CVE-2021-29597) - Fixes a division by zero in TFLite's implementation of
SVDF(CVE-2021-29598) - Fixes a division by zero in TFLite's implementation of
Split(CVE-2021-29599) - Fixes a division by zero in TFLite's implementation of
OneHot(CVE-2021-29600) - Fixes a division by zero in TFLite's implementation of
DepthwiseConv(CVE-2021-29602) - Fixes a division by zero in TFLite's implementation of hashtable lookup (CVE-2021-29604)
- Fixes a integer overflow in TFLite concatentation (CVE-2021-29601)
- Fixes a integer overflow in TFLite memory allocation (CVE-2021-29605)
- Fixes a heap OOB write in TFLite (CVE-2021-29603)
- Fixes a heap OOB read in TFLite (CVE-2021-29606)
- Fixes a heap OOB and null pointer dereference in
RaggedTensorToTensor(CVE-2021-29608) - Fixes vulnerabilities caused by incomplete validation in
SparseAdd(CVE-2021-29609) - Fixes vulnerabilities caused by incomplete validation in
SparseSparseMinimum(CVE-2021-29607) - Fixes vulnerabilities caused by incomplete validation in
SparseReshape(CVE-2021-29611) - Fixes vulnerabilities caused by invalid validation in
QuantizeAndDequantizeV2(CVE-2021-29610) - Fixes a heap buffer overflow in
BandedTriangularSolve(CVE-2021-29612) - Fixes vulnerabilities caused by incomplete validation in
tf.raw_ops.CTCLoss(CVE-2021-29613) - Fixes an interpreter crash from vulnerabilities in
tf.io.decode_raw(CVE-2021-29614) - Fixes a stack overflow in
ParseAttrValuewith nested tensors (CVE-2021-29615) - Fixes a null dereference in Grappler's
TrySimplify(CVE-2021-29616) - Fixes a crash in
tf.transposewith complex inputs (CVE-2021-29618) - Fixes a crash in
tf.strings.substrdue toCHECK-fail (CVE-2021-29617) - Fixes a segfault in
tf.raw_ops.SparseCountSparseOutput(CVE-2021-29619) - Fixes a segfault in
tf.raw_ops.ImmutableConst(CVE-2021-29539) - Updates
curlto7.76.0to handle CVE-2020-8169, CVE-2020-8177, CVE-2020-8231, CVE-2020-8284, CVE-2020-8285 and CVE-2020-8286.