CVE-2021-29594Divide By Zero in Tensorflow

CWE-369Divide By Zero6 documents5 sources
Severity
7.8HIGHNVD
CNA2.5
EPSS
0.0%
top 95.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
TensorflowGoogle TensorflowIntel Optimization FOR Tensorflow
Timeline
PublishedMay 14
Latest updateMay 21

Description

TensorFlow is an end-to-end open source platform for machine learning. TFLite's convolution code(https://github.com/tensorflow/tensorflow/blob/09c73bca7d648e961dd05898292d91a8322a9d45/tensorflow/lite/kernels/conv.cc) has multiple division where the divisor is controlled by the user and not checked to be non-zero. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affecte

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

NVDgoogle/tensorflow2.2.02.2.3+3
CVEListV5tensorflow/tensorflow< 2.1.4+3
PyPIintel/optimization_for_tensorflow2.2.02.2.3+4

Patches

Patch: github.comPatch: github.comPatch: github.com

🔴Vulnerability Details

4
GHSA
Division by zero in TFLite's convolution code2021-05-21
OSV
Division by zero in TFLite's convolution code2021-05-21
CVEList
Division by zero in TFLite's convolution code2021-05-14
OSV
CVE-2021-29594: TensorFlow is an end-to-end open source platform for machine learning2021-05-14

📋Vendor Advisories

1
Debian
CVE-2021-29594: tensorflow - TensorFlow is an end-to-end open source platform for machine learning. TFLite's ...2021
CVE-2021-29594 — Divide By Zero in Tensorflow | cvebase