Lucene search
PRIOn knowledge basePRION:CVE-2021-29555HistoryMay 14, 2021 - 8:15 p.m.
Design/Logic Flaw
2021-05-1420:15:00
PRIOn knowledge base
www.prio-n.com
4
0.0004 Low
EPSS
Percentile
12.8%
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a FPE runtime error in tf.raw_ops.FusedBatchNorm. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/828f346274841fa7505f7020e88ca36c22e557ab/tensorflow/core/kernels/fused_batch_norm_op.cc#L295-L297) performs a division based on the last dimension of the x tensor. Since this is controlled by the user, an attacker can trigger a denial of service. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
| CPE | Name | Operator | Version |
|---|---|---|---|
| tensorflow | ge | 2.4.0 | |
| tensorflow | lt | 2.4.2 | |
| tensorflow | ge | 2.3.0 | |
| tensorflow | lt | 2.3.3 | |
| tensorflow | ge | 2.2.0 | |
| tensorflow | lt | 2.2.3 | |
| tensorflow | lt | 2.1.4 |
Related
veracode
veracode
Denial Of Service (DoS)
2021-05-17 12:07:19
osv
osv
github
github
Division by 0 in `FusedBatchNorm`
2021-05-21 14:23:58
cve
cve
CVE-2021-29555
2021-05-14 20:15:13
cvelist
cvelist
CVE-2021-29555 Division by 0 in `FusedBatchNorm`
2021-05-14 19:17:51
nvd
nvd
CVE-2021-29555
2021-05-14 20:15:13
ibm
ibm