CVE-2021-29591

7.3 HIGH

📋 TL;DR

This vulnerability in TensorFlow allows attackers to craft malicious TFLite models that cause infinite loops or stack overflows during evaluation. It affects TensorFlow users who process untrusted models, potentially leading to denial of service. The issue stems from improper validation of loops between nodes in TFLite graphs.

💻 Affected Systems

Products:
  • TensorFlow
Versions: TensorFlow 2.1.0 to 2.4.1, 2.3.0 to 2.3.2, 2.2.0 to 2.2.2
Operating Systems: All platforms running affected TensorFlow versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects TFLite graph processing. Applications using TensorFlow for inference with untrusted models are at risk.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete denial of service through stack exhaustion, crashing the TensorFlow process and potentially affecting dependent applications.

🟠 Likely Case

Service disruption when processing malicious models, causing application crashes or unresponsiveness.

🟢 If Mitigated

No impact if proper input validation and model sanitization are implemented before processing.

🌐 Internet-Facing: MEDIUM - Exploitable if applications accept untrusted models from external sources, but requires specific model crafting.
🏢 Internal Only: LOW - Lower risk in controlled environments where model sources are trusted, though still possible through supply chain attacks.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting a malicious TFLite model with specific loop conditions. No public exploit code is known, but the vulnerability is well-documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: TensorFlow 2.5.0, 2.4.2, 2.3.3, 2.2.3, 2.1.4

Vendor Advisory: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cwv3-863g-39vx

Restart Required: Yes

Instructions:

1. Identify current TensorFlow version.
2. Upgrade to patched version using pip: 'pip install --upgrade tensorflow==2.5.0' (or appropriate version).
3. Restart all services using TensorFlow.
4. Verify the fix by checking version and testing with known safe models.

🔧 Temporary Workarounds

Input Validation and Model Sanitization (platform: all)

Implement strict validation of TFLite models before processing, rejecting models with suspicious graph structures.

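Resource Limiting (platform: linux)

Configure process resource limits (stack size, CPU time) to mitigate the impact of infinite loops. Run the commands below in the shell that launches the TensorFlow process: the limits apply to that shell and the processes it starts, with stack size given in KB and CPU time in seconds.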

ulimit -s 8192
ulimit -t 30

🧯 If You Can't Patch

  • Isolate TensorFlow processing in containers with strict resource limits
  • Implement model provenance checking and only accept models from trusted sources

🔍 How to Verify

Check if Vulnerable:

Check the TensorFlow version: if it falls between 2.1.0 and 2.4.1 and is not one of the patched versions, the system is vulnerable.

Check Version:

python -c 'import tensorflow as tf; print(tf.__version__)'

Verify Fix Applied:

Verify TensorFlow version is 2.5.0, 2.4.2, 2.3.3, 2.2.3, or 2.1.4. Test with a sample TFLite model to ensure normal processing.
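
The version check above can be scripted per release branch. The following is an added example, not code from the TensorFlow advisory; it classifies a version string against the patched versions listed on this page. The extra distribution names (tensorflow-cpu, tensorflow-gpu) and the conservative handling of pre-release builds are assumptions.

```python
import re
from importlib import metadata

# Lowest patch number carrying the fix on each branch, from "Patch Version" above.
FIXED_PATCH = {(2, 1): 4, (2, 2): 3, (2, 3): 3, (2, 4): 2, (2, 5): 0}
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(.*)$")
_PRERELEASE = re.compile(r"^[.-]?(a|b|rc|dev)\d*", re.IGNORECASE)


def classify(version: str) -> str:
    """Return 'vulnerable', 'patched', 'not-listed' or 'unparsed'."""
    m = _VERSION.match(version.strip())
    if not m:
        return "unparsed"
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    branch = (major, minor)
    if branch < (2, 1):
        return "not-listed"   # this page gives no status below 2.1.0
    if branch > (2, 5):
        return "patched"      # releases after 2.5.0
    # Assumption: a pre-release (rc/a/b/dev) of a fixed version is not
    # treated as carrying the fix, so 2.4.2rc0 is still reported vulnerable.
    prerelease = bool(_PRERELEASE.match(m.group(4)))
    fixed = FIXED_PATCH[branch]
    if patch < fixed or (patch == fixed and prerelease):
        return "vulnerable"
    return "patched"


def installed_status(names=("tensorflow", "tensorflow-cpu", "tensorflow-gpu")) -> dict:
    """Classify installed distributions without importing TensorFlow."""
    found = {}
    for name in names:  # distribution names beyond "tensorflow" are assumptions
        try:
            found[name] = classify(metadata.version(name))
        except metadata.PackageNotFoundError:
            continue
    return found


if __name__ == "__main__":
    for dist, status in installed_status().items():
        print(f"{dist}: {status}")
    for sample in ("2.4.1", "2.3.3", "2.5.0rc1", "2.1.4"):  # constructed samples
        print(sample, classify(sample))
```

Reading the version from package metadata avoids importing TensorFlow in the checking process, so the script can run in every virtual environment or container image that serves models.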

📡 Detection & Monitoring

Log Indicators:

  • Process crashes with stack overflow errors
  • Excessive CPU usage from TensorFlow processes
  • Repeated model evaluation failures

Network Indicators:

  • Unusual model uploads to TensorFlow services
  • Increased error rates in model inference endpoints

SIEM Query:

source="tensorflow" AND ("stack overflow" OR "infinite loop" OR "Process terminated")
