Lucene search
GoogleOSV:BIT-TENSORFLOW-2021-29602HistoryMar 06, 2024 - 11:18 a.m.
BIT-tensorflow-2021-29602
2024-03-0611:18:16
Google
osv.dev
4
tensorflow
tflite
depthwiseconv
vulnerability
division by zero
error
fix
version
supported
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the DepthwiseConv TFLite operator is vulnerable to a division by zero error(https://github.com/tensorflow/tensorflow/blob/1a8e885b864c818198a5b2c0cbbeca5a1e833bc8/tensorflow/lite/kernels/depthwise_conv.cc#L287-L288). An attacker can craft a model such that input’s fourth dimension would be 0. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
| CPE | Name | Operator | Version |
|---|---|---|---|
| tensorflow | lt | 2.1.4 | |
| tensorflow | lt | 2.2.3 | |
| tensorflow | lt | 2.3.3 | |
| tensorflow | ge | 2.2.0 | |
| tensorflow | lt | 2.4.2 | |
| tensorflow | ge | 2.4.0 | |
| tensorflow | ge | 2.3.0 |
Related
osv
osv
PYSEC-2021-728
2021-05-14 20:15:00
Division by zero in TFLite's implementation of `DepthwiseConv`
2021-05-21 14:28:12
PYSEC-2021-239
2021-05-14 20:15:00
cvelist
cvelist
github
github
Division by zero in TFLite's implementation of `DepthwiseConv`
2021-05-21 14:28:12
prion
prion
Buffer overflow
2021-05-14 20:15:00
cve
cve
CVE-2021-29602
2021-05-14 20:15:00
ibm
ibm
6.5 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
12.3%
Related for OSV:BIT-TENSORFLOW-2021-29602