CVE-2021-29586
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
Summary
TensorFlow is an end-to-end open source platform for machine learning. Optimized pooling implementations in TFLite fail to check that the stride arguments are not 0 before calling ComputePaddingHeightWidth(https://github.com/tensorflow/tensorflow/blob/3f24ccd932546416ec906a02ddd183b48a1d2c83/tensorflow/lite/kernels/pooling.cc#L90). Since users can craft special models which will have params->stride_{height,width} be zero, this will result in a division by zero. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| tensorflow | tensorflow | < 2.1.4 | affected |
| tensorflow | tensorflow | >= 2.2.0, < 2.2.3 | affected |
| tensorflow | tensorflow | >= 2.3.0, < 2.3.3 | affected |
| tensorflow | tensorflow | >= 2.4.0, < 2.4.2 | affected |
Weaknesses
- CWE-369: CWE-369: Divide By Zero
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-26j7-6w8w-7922
- https://github.com/tensorflow/tensorflow/commit/5f7975d09eac0f10ed8a17dbb6f5964977725adc
References
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-26j7-6w8w-7922
- https://github.com/tensorflow/tensorflow/commit/5f7975d09eac0f10ed8a17dbb6f5964977725adc
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.