CVE-2021-37683 — Divide By Zero in Tensorflow

CWE-369 — Divide By Zero6 documents5 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 98.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tensorflow Google Tensorflow Intel Optimization FOR Tensorflow

Timeline

PublishedAug 12

Latest updateAug 25

Description

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of division in TFLite is [vulnerable to a division by 0 error](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/div.cc). There is no check that the divisor tensor does not contain zero elements. We have patched the issue in GitHub commit 1e206baedf8bef0334cca3eb92bab134ef525a28. The fix will be included in TensorFlow 2.6.0. W…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶NVDgoogle/tensorflow2.3.0 — 2.3.4+3

▶CVEListV5tensorflow/tensorflow< 2.3.4+2

▶PyPIintel/optimization_for_tensorflow2.4.0 — 2.4.3+4

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

FPE in TFLite division operations↗2021-08-25

▶

OSV

FPE in TFLite division operations↗2021-08-25

▶

OSV

CVE-2021-37683: TensorFlow is an end-to-end open source platform for machine learning↗2021-08-12

▶

CVEList

Division by zero in TensorFlow Lite division operations↗2021-08-12

▶

📋Vendor Advisories

Debian

CVE-2021-37683: tensorflow - TensorFlow is an end-to-end open source platform for machine learning. In affect...↗2021

▶