Login Sign Up

CVE-2021-37671

7.8 HIGH

📋 TL;DR

This vulnerability in TensorFlow allows attackers to cause undefined behavior by triggering null pointer dereferences in Map* and OrderedMap* operations. Attackers can exploit this by passing empty indices arrays to these operations, potentially leading to crashes or memory corruption. All TensorFlow users running affected versions are at risk.

💻 Affected Systems

Products:
  • TensorFlow
Versions: TensorFlow 2.3.0 to 2.3.3, 2.4.0 to 2.4.2, 2.5.0
Operating Systems: All platforms running TensorFlow
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects code using tf.raw_ops.Map* or tf.raw_ops.OrderedMap* operations with empty indices.

📦 What is this software?

Tensorflow by Google

View all CVEs affecting Tensorflow →

Tensorflow by Google

View all CVEs affecting Tensorflow →

Tensorflow by Google

View all CVEs affecting Tensorflow →

Tensorflow by Google

View all CVEs affecting Tensorflow →

Tensorflow by Google

View all CVEs affecting Tensorflow →

Tensorflow by Google

View all CVEs affecting Tensorflow →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution, denial of service, or memory corruption leading to system compromise.

🟠

Likely Case

Application crash or denial of service affecting TensorFlow-based services.

🟢

If Mitigated

No impact if patched or workarounds applied; otherwise, potential service disruption.

🌐 Internet-Facing: MEDIUM - Requires specific API calls to TensorFlow operations, but could be exploited remotely if vulnerable endpoints exist.
🏢 Internal Only: MEDIUM - Internal applications using TensorFlow could be disrupted by malicious inputs.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires ability to pass malicious input to specific TensorFlow operations; no public exploit code known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: TensorFlow 2.6.0, 2.5.1, 2.4.3, 2.3.4

Vendor Advisory: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qr82-2c78-4m8h

Restart Required: No

Instructions:

1. Update TensorFlow to patched version: pip install --upgrade tensorflow==2.6.0 (or appropriate version). 2. Verify update with: python -c 'import tensorflow as tf; print(tf.__version__)'.

🔧 Temporary Workarounds

Input validation for Map operations

all

Add validation to ensure indices arrays are not empty before passing to Map* or OrderedMap* operations.

🧯 If You Can't Patch

  • Implement strict input validation for all TensorFlow Map* and OrderedMap* operations
  • Monitor for crashes or abnormal behavior in TensorFlow applications

🔍 How to Verify

Check if Vulnerable:

Check TensorFlow version: python -c 'import tensorflow as tf; print(tf.__version__)' and compare to affected versions.

Check Version:

python -c 'import tensorflow as tf; print(tf.__version__)'

Verify Fix Applied:

After patching, verify version is 2.6.0, 2.5.1, 2.4.3, or 2.3.4, and test Map operations with empty indices to ensure no crashes.

📡 Detection & Monitoring

Log Indicators:

  • TensorFlow process crashes
  • Segmentation faults in TensorFlow applications
  • Error logs mentioning MapStageOp

Network Indicators:

  • Unusual API calls to TensorFlow endpoints with empty arrays

SIEM Query:

process_name:tensorflow AND (event_type:crash OR error_message:*MapStageOp*)

📊 Metadata

CVE ID: CVE-2021-37671
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-824
Published: August 12, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-37671, you might also want to check these:

CVE-2020-11138 9.8

This vulnerability allows attackers to exploit uninitialized pointers during music playback in Qualc...

Same vulnerability type (CWE-824)
CVE-2022-44451 9.8

This vulnerability allows arbitrary code execution through a use of uninitialized pointer in Open Ba...

Same vulnerability type (CWE-824)
CVE-2025-66588 9.8

An uninitialized pointer vulnerability in AzeoTech DAQFactory allows attackers to execute arbitrary ...

Same vulnerability type (CWE-824)