Lucene search
PRIOn knowledge basePRION:CVE-2021-29573HistoryMay 14, 2021 - 8:15 p.m.
Design/Logic Flaw
2021-05-1420:15:00
PRIOn knowledge base
www.prio-n.com
3
0.0004 Low
EPSS
Percentile
12.8%
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.raw_ops.MaxPoolGradWithArgmax is vulnerable to a division by 0. The implementation(https://github.com/tensorflow/tensorflow/blob/279bab6efa22752a2827621b7edb56a730233bd8/tensorflow/core/kernels/maxpooling_op.cc#L1033-L1034) fails to validate that the batch dimension of the tensor is non-zero, before dividing by this quantity. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
| CPE | Name | Operator | Version |
|---|---|---|---|
| tensorflow | ge | 2.4.0 | |
| tensorflow | lt | 2.4.2 | |
| tensorflow | ge | 2.3.0 | |
| tensorflow | lt | 2.3.3 | |
| tensorflow | ge | 2.2.0 | |
| tensorflow | lt | 2.2.3 | |
| tensorflow | lt | 2.1.4 |
Related
osv
osv
PYSEC-2021-699
2021-05-14 20:15:00
Division by 0 in `MaxPoolGradWithArgmax`
2021-05-21 14:26:07
PYSEC-2021-210
2021-05-14 20:15:00
github
github
Division by 0 in `MaxPoolGradWithArgmax`
2021-05-21 14:26:07
cvelist
cvelist
CVE-2021-29573 Division by 0 in `MaxPoolGradWithArgmax`
2021-05-14 19:16:18
nvd
nvd
CVE-2021-29573
2021-05-14 20:15:13
veracode
veracode
Denial Of Service (DoS)
2021-05-17 15:21:13
cve
cve
CVE-2021-29573
2021-05-14 20:15:13
ibm
ibm