Lucene search

GitHub Advisory DatabaseGHSA-3W67-Q784-6W7C

HistoryMay 21, 2021 - 2:26 p.m.

Division by zero in TFLite's implementation of `GatherNd`

2021-05-2114:26:51

CWE-369

GitHub Advisory Database

github.com

tflite

gathernd

division by zero

vulnerability

tensorflow

patch

github

commit

security guide

aivul team

qihoo 360

software

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

17.8%

JSON

Impact

The reference implementation of the GatherNd TFLite operator is vulnerable to a division by zero error:

ret.dims_to_count[i] = remain_flat_size / params_shape.Dims(i);

An attacker can craft a model such that params input would be an empty tensor. In turn, params_shape.Dims(.) would be zero, in at least one dimension.

Patches

We have patched the issue in GitHub commit 8e45822aa0b9f5df4b4c64f221e64dc930a70a9d.

The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.

For more information

Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.

Attribution

This vulnerability has been reported by members of the Aivul Team from Qihoo 360.

Affected configurations

Vulners

Node

tensorflow-gpuRange2.3.0–2.3.3

tensorflow-gpuRange2.4.0–2.4.2

tensorflow-gpuRange2.2.0–2.2.3

tensorflow-gpuRange<2.1.4

tensorflow-cpuRange2.4.0–2.4.2

tensorflow-cpuRange2.3.0–2.3.3

tensorflow-cpuRange2.2.0–2.2.3

tensorflow-cpuRange<2.1.4

tensorflowtensorflowRange2.4.0–2.4.2

tensorflowtensorflowRange2.3.0–2.3.3

tensorflowtensorflowRange2.2.0–2.2.3

tensorflowtensorflowRange<2.1.4

VendorProductVersionCPE
*tensorflow-gpu*cpe:2.3:a:*:tensorflow-gpu:*:*:*:*:*:*:*:*
*tensorflow-cpu*cpe:2.3:a:*:tensorflow-cpu:*:*:*:*:*:*:*:*
tensorflowtensorflow*cpe:2.3:a:tensorflow:tensorflow:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
*	tensorflow-gpu	*	cpe:2.3:a::tensorflow-gpu::::::::*
*	tensorflow-cpu	*	cpe:2.3:a::tensorflow-cpu::::::::*
tensorflow	tensorflow	*	cpe:2.3:a:tensorflow:tensorflow::::::::

References

github.com/advisories/GHSA-3w67-q784-6w7c

github.com/tensorflow/tensorflow/blob/0d45ea1ca641b21b73bcf9c00e0179cda284e7e7/tensorflow/lite/kernels/internal/reference/reference_ops.h#L966

github.com/tensorflow/tensorflow/commit/8e45822aa0b9f5df4b4c64f221e64dc930a70a9d

github.com/tensorflow/tensorflow/security/advisories/GHSA-3w67-q784-6w7c

nvd.nist.gov/vuln/detail/CVE-2021-29589

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

17.8%

JSON

Related for GHSA-3W67-Q784-6W7C