Lucene search
GoogleOSV:BIT-TENSORFLOW-2021-29525HistoryMar 06, 2024 - 11:19 a.m.
BIT-tensorflow-2021-29525
2024-03-0611:19:53
Google
osv.dev
4
tensorflow
machine learning
division by 0
security issue
software vulnerability
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in tf.raw_ops.Conv2DBackpropInput. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/b40060c9f697b044e3107917c797ba052f4506ab/tensorflow/core/kernels/conv_grad_input_ops.h#L625-L655) does a division by a quantity that is controlled by the caller. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
| CPE | Name | Operator | Version |
|---|---|---|---|
| tensorflow | lt | 2.1.4 | |
| tensorflow | lt | 2.2.3 | |
| tensorflow | lt | 2.3.3 | |
| tensorflow | ge | 2.2.0 | |
| tensorflow | lt | 2.4.2 | |
| tensorflow | ge | 2.4.0 | |
| tensorflow | ge | 2.3.0 |
Related
cvelist
cvelist
CVE-2021-29525 Division by 0 in `Conv2DBackpropInput`
2021-05-14 19:12:43
cve
cve
CVE-2021-29525
2021-05-14 20:15:00
osv
osv
github
github
Division by 0 in `Conv2DBackpropInput`
2021-05-21 14:21:51
veracode
veracode
Denial Of Service (DoS)
2021-05-17 06:42:34
prion
prion
Code injection
2021-05-14 20:15:00
ibm
ibm
6.6 Medium
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
17.0%
Related for OSV:BIT-TENSORFLOW-2021-29525