Lucene search
GoogleOSV:CVE-2021-37668HistoryAug 12, 2021 - 11:15 p.m.
CVE-2021-37668
2021-08-1223:15:07
Google
osv.dev
6
tensorflow
vulnerability
denial of service
unravelindex
patch
github
commit
2.6.0
cherrypick
2.5.1
2.4.3
2.3.4
EPSS
0
Percentile
12.6%
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using tf.raw_ops.UnravelIndex by triggering a division by 0. The implementation does not check that the tensor subsumed by dims is not empty. Hence, if one element of dims is 0, the implementation does a division by 0. We have patched the issue in GitHub commit a776040a5e7ebf76eeb7eb923bf1ae417dd4d233. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
Related
osv
osv
PYSEC-2021-290
2021-08-12 23:15:00
FPE in `tf.raw_ops.UnravelIndex`
2021-08-25 14:42:06
BIT-tensorflow-2021-37668
2024-03-06 11:17:11
nvd
nvd
CVE-2021-37668
2021-08-12 23:15:07
cnvd
cnvd
Google TensorFlow 'tf.raw_ops.UnravelIndex' Denial of Service Vulnerability
2021-08-13 00:00:00
prion
prion
Design/Logic Flaw
2021-08-12 23:15:00
github
github
FPE in `tf.raw_ops.UnravelIndex`
2021-08-25 14:42:06
cvelist
cvelist
CVE-2021-37668 Division by zero in TensorFlow Lite `tf.raw_ops.UnravelIndex`
2021-08-12 22:30:12
cve
cve
CVE-2021-37668
2021-08-12 23:15:07
nessus
nessus
openSUSE 15 Security Update : tensorflow2 (openSUSE-SU-2022:10014-1)
2022-06-19 00:00:00
suse
suse
Security update for tensorflow2 (moderate)
2022-06-18 00:00:00
