Lucene search
PRIOn knowledge basePRION:CVE-2021-29600HistoryMay 14, 2021 - 8:15 p.m.
Design/Logic Flaw
2021-05-1420:15:00
PRIOn knowledge base
www.prio-n.com
5
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the OneHot TFLite operator is vulnerable to a division by zero error(https://github.com/tensorflow/tensorflow/blob/f61c57bd425878be108ec787f4d96390579fb83e/tensorflow/lite/kernels/one_hot.cc#L68-L72). An attacker can craft a model such that at least one of the dimensions of indices would be 0. In turn, the prefix_dim_size value would become 0. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
| CPE | Name | Operator | Version |
|---|---|---|---|
| tensorflow | ge | 2.4.0 | |
| tensorflow | lt | 2.4.2 | |
| tensorflow | ge | 2.3.0 | |
| tensorflow | lt | 2.3.3 | |
| tensorflow | ge | 2.2.0 | |
| tensorflow | lt | 2.2.3 | |
| tensorflow | lt | 2.1.4 |
Related
osv
osv
PYSEC-2021-726
2021-05-14 20:15:00
PYSEC-2021-528
2021-05-14 20:15:00
BIT-tensorflow-2021-29600
2024-03-06 11:18:19
github
github
Division by zero in TFLite's implementation of `OneHot`
2021-05-21 14:28:04
cve
cve
CVE-2021-29600
2021-05-14 20:15:15
cvelist
cvelist
CVE-2021-29600 Division by zero in TFLite's implementation of `OneHot`
2021-05-14 19:21:37
nvd
nvd
CVE-2021-29600
2021-05-14 20:15:15
ibm
ibm