Lucene search
GoogleOSV:PYSEC-2021-235HistoryMay 14, 2021 - 8:15 p.m.
PYSEC-2021-235
2021-05-1420:15:00
Google
osv.dev
8
0.0005 Low
EPSS
Percentile
17.9%
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the SVDF TFLite operator is vulnerable to a division by zero error(https://github.com/tensorflow/tensorflow/blob/7f283ff806b2031f407db64c4d3edcda8fb9f9f5/tensorflow/lite/kernels/svdf.cc#L99-L102). An attacker can craft a model such that params->rank would be 0. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
| CPE | Name | Operator | Version |
|---|---|---|---|
| tensorflow | eq | 1.10.0 | |
| tensorflow | eq | 1.6.0 | |
| tensorflow | eq | 1.12.0 | |
| tensorflow | eq | 1.13.0rc0 | |
| tensorflow | eq | 1.7.0rc0 | |
| tensorflow | eq | 1.9.0 | |
| tensorflow | eq | 1.2.0rc0 | |
| tensorflow | eq | 2.0.1 | |
| tensorflow | eq | 1.4.0rc1 | |
| tensorflow | eq | 2.2.0 |
Related
osv
osv
prion
prion
Design/Logic Flaw
2021-05-14 20:15:00
nvd
nvd
CVE-2021-29598
2021-05-14 20:15:15
cve
cve
CVE-2021-29598
2021-05-14 20:15:15
github
github
Division by zero in TFLite's implementation of `SVDF`
2021-05-21 14:27:58
cvelist
cvelist
CVE-2021-29598 Division by zero in TFLite's implementation of `SVDF`
2021-05-14 19:21:51
ibm
ibm