Lucene search
GoogleOSV:GHSA-RHRQ-64MQ-HF9HHistoryAug 25, 2021 - 2:40 p.m.
FPE in TFLite division operations
2021-08-2514:40:16
Google
osv.dev
8
tflite
tensorflow
vulnerability
division
zero elements
patch
github
commit
2.6.0
cherrypick
2.5.1
2.4.3
2.3.4
security guide
aivul team
qihoo 360
software
EPSS
0
Percentile
12.6%
Impact
The implementation of division in TFLite is vulnerable to a division by 0 error
There is no check that the divisor tensor does not contain zero elements.
Patches
We have patched the issue in GitHub commit 1e206baedf8bef0334cca3eb92bab134ef525a28.
The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by members of the Aivul Team from Qihoo 360.
Related
cnvd
cnvd
Google TensorFlow TFLite Denial of Service Vulnerability
2021-08-13 00:00:00
github
github
FPE in TFLite division operations
2021-08-25 14:40:16
cvelist
cvelist
CVE-2021-37683 Division by zero in TensorFlow Lite division operations
2021-08-12 22:30:23
osv
osv
prion
prion
Design/Logic Flaw
2021-08-12 23:15:00
nvd
nvd
CVE-2021-37683
2021-08-12 23:15:08
cve
cve
CVE-2021-37683
2021-08-12 23:15:08
suse
suse
Security update for tensorflow2 (moderate)
2022-06-18 00:00:00
nessus
nessus
openSUSE 15 Security Update : tensorflow2 (openSUSE-SU-2022:10014-1)
2022-06-19 00:00:00
