Lucene search
GoogleOSV:PYSEC-2021-225HistoryMay 14, 2021 - 8:15 p.m.
PYSEC-2021-225
2021-05-1420:15:00
Google
osv.dev
5
0.0005 Low
EPSS
Percentile
17.9%
TensorFlow is an end-to-end open source platform for machine learning. The optimized implementation of the TransposeConv TFLite operator is vulnerable to a division by zero error. An attacker can craft a model such that stride_{h,w} values are 0. Code calling this function must validate these arguments. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
| CPE | Name | Operator | Version |
|---|---|---|---|
| tensorflow | eq | 1.10.0 | |
| tensorflow | eq | 1.6.0 | |
| tensorflow | eq | 1.12.0 | |
| tensorflow | eq | 1.13.0rc0 | |
| tensorflow | eq | 1.7.0rc0 | |
| tensorflow | eq | 1.9.0 | |
| tensorflow | eq | 1.2.0rc0 | |
| tensorflow | eq | 2.0.1 | |
| tensorflow | eq | 1.4.0rc1 | |
| tensorflow | eq | 2.2.0 |
Related
osv
osv
BIT-tensorflow-2021-29588
2024-03-06 11:18:34
PYSEC-2021-714
2021-05-14 20:15:00
PYSEC-2021-516
2021-05-14 20:15:00
prion
prion
Design/Logic Flaw
2021-05-14 20:15:00
nvd
nvd
CVE-2021-29588
2021-05-14 20:15:14
cve
cve
CVE-2021-29588
2021-05-14 20:15:14
cvelist
cvelist
github
github
Division by zero in TFLite's implementation of `TransposeConv`
2021-05-21 14:26:48
ibm
ibm