Lucene search
GoogleOSV:PYSEC-2021-290HistoryAug 12, 2021 - 11:15 p.m.
PYSEC-2021-290
2021-08-1223:15:00
Google
osv.dev
11
tensorflow
denial of service
vulnerability
patch
github commit
fix
cherrypick
supported range
EPSS
0
Percentile
12.6%
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using tf.raw_ops.UnravelIndex by triggering a division by 0. The implementation does not check that the tensor subsumed by dims is not empty. Hence, if one element of dims is 0, the implementation does a division by 0. We have patched the issue in GitHub commit a776040a5e7ebf76eeb7eb923bf1ae417dd4d233. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
Related
nvd
nvd
CVE-2021-37668
2021-08-12 23:15:07
osv
osv
CVE-2021-37668
2021-08-12 23:15:07
FPE in `tf.raw_ops.UnravelIndex`
2021-08-25 14:42:06
BIT-tensorflow-2021-37668
2024-03-06 11:17:11
cnvd
cnvd
Google TensorFlow 'tf.raw_ops.UnravelIndex' Denial of Service Vulnerability
2021-08-13 00:00:00
prion
prion
Design/Logic Flaw
2021-08-12 23:15:00
github
github
FPE in `tf.raw_ops.UnravelIndex`
2021-08-25 14:42:06
cvelist
cvelist
CVE-2021-37668 Division by zero in TensorFlow Lite `tf.raw_ops.UnravelIndex`
2021-08-12 22:30:12
cve
cve
CVE-2021-37668
2021-08-12 23:15:07
nessus
nessus
openSUSE 15 Security Update : tensorflow2 (openSUSE-SU-2022:10014-1)
2022-06-19 00:00:00
suse
suse
Security update for tensorflow2 (moderate)
2022-06-18 00:00:00
