cvelistv5 - CVE-2021-29586

CVE-2021-29586

Vulnerability from cvelistv5

Published

2021-05-14 19:35

Modified

2024-08-03 22:11

Severity ?

2.5 (Low) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

Summary

TensorFlow is an end-to-end open source platform for machine learning. Optimized pooling implementations in TFLite fail to check that the stride arguments are not 0 before calling `ComputePaddingHeightWidth`(https://github.com/tensorflow/tensorflow/blob/3f24ccd932546416ec906a02ddd183b48a1d2c83/tensorflow/lite/kernels/pooling.cc#L90). Since users can craft special models which will have `params->stride_{height,width}` be zero, this will result in a division by zero. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.

References

URL	Tags
security-advisories@github.com	https://github.com/tensorflow/tensorflow/commit/5f7975d09eac0f10ed8a17dbb6f5964977725adc	Patch, Third Party Advisory
security-advisories@github.com	https://github.com/tensorflow/tensorflow/security/advisories/GHSA-26j7-6w8w-7922	Exploit, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/tensorflow/tensorflow/commit/5f7975d09eac0f10ed8a17dbb6f5964977725adc	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/tensorflow/tensorflow/security/advisories/GHSA-26j7-6w8w-7922	Exploit, Patch, Third Party Advisory

Impacted products

	Vendor	Product	Version
	tensorflow	tensorflow	Version: < 2.1.4 Version: >= 2.2.0, < 2.2.3 Version: >= 2.3.0, < 2.3.3 Version: >= 2.4.0, < 2.4.2

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T22:11:06.251Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-26j7-6w8w-7922",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/tensorflow/tensorflow/commit/5f7975d09eac0f10ed8a17dbb6f5964977725adc",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "tensorflow",
               vendor: "tensorflow",
               versions: [
                  {
                     status: "affected",
                     version: "< 2.1.4",
                  },
                  {
                     status: "affected",
                     version: ">= 2.2.0, < 2.2.3",
                  },
                  {
                     status: "affected",
                     version: ">= 2.3.0, < 2.3.3",
                  },
                  {
                     status: "affected",
                     version: ">= 2.4.0, < 2.4.2",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "TensorFlow is an end-to-end open source platform for machine learning. Optimized pooling implementations in TFLite fail to check that the stride arguments are not 0 before calling `ComputePaddingHeightWidth`(https://github.com/tensorflow/tensorflow/blob/3f24ccd932546416ec906a02ddd183b48a1d2c83/tensorflow/lite/kernels/pooling.cc#L90). Since users can craft special models which will have `params->stride_{height,width}` be zero, this will result in a division by zero. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  availabilityImpact: "LOW",
                  baseScore: 2.5,
                  baseSeverity: "LOW",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-369",
                     description: "CWE-369: Divide By Zero",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-05-14T19:35:25",
            orgId: "a0819718-46f1-4df5-94e2-005712e83aaa",
            shortName: "GitHub_M",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-26j7-6w8w-7922",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/tensorflow/tensorflow/commit/5f7975d09eac0f10ed8a17dbb6f5964977725adc",
            },
         ],
         source: {
            advisory: "GHSA-26j7-6w8w-7922",
            discovery: "UNKNOWN",
         },
         title: "Division by zero in optimized pooling implementations in TFLite",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security-advisories@github.com",
               ID: "CVE-2021-29586",
               STATE: "PUBLIC",
               TITLE: "Division by zero in optimized pooling implementations in TFLite",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "tensorflow",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "< 2.1.4",
                                       },
                                       {
                                          version_value: ">= 2.2.0, < 2.2.3",
                                       },
                                       {
                                          version_value: ">= 2.3.0, < 2.3.3",
                                       },
                                       {
                                          version_value: ">= 2.4.0, < 2.4.2",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "tensorflow",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "TensorFlow is an end-to-end open source platform for machine learning. Optimized pooling implementations in TFLite fail to check that the stride arguments are not 0 before calling `ComputePaddingHeightWidth`(https://github.com/tensorflow/tensorflow/blob/3f24ccd932546416ec906a02ddd183b48a1d2c83/tensorflow/lite/kernels/pooling.cc#L90). Since users can craft special models which will have `params->stride_{height,width}` be zero, this will result in a division by zero. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.",
                  },
               ],
            },
            impact: {
               cvss: {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  availabilityImpact: "LOW",
                  baseScore: 2.5,
                  baseSeverity: "LOW",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-369: Divide By Zero",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-26j7-6w8w-7922",
                     refsource: "CONFIRM",
                     url: "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-26j7-6w8w-7922",
                  },
                  {
                     name: "https://github.com/tensorflow/tensorflow/commit/5f7975d09eac0f10ed8a17dbb6f5964977725adc",
                     refsource: "MISC",
                     url: "https://github.com/tensorflow/tensorflow/commit/5f7975d09eac0f10ed8a17dbb6f5964977725adc",
                  },
               ],
            },
            source: {
               advisory: "GHSA-26j7-6w8w-7922",
               discovery: "UNKNOWN",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa",
      assignerShortName: "GitHub_M",
      cveId: "CVE-2021-29586",
      datePublished: "2021-05-14T19:35:25",
      dateReserved: "2021-03-30T00:00:00",
      dateUpdated: "2024-08-03T22:11:06.251Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      nvd: "{\"cve\":{\"id\":\"CVE-2021-29586\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2021-05-14T20:15:14.627\",\"lastModified\":\"2024-11-21T06:01:26.187\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"TensorFlow is an end-to-end open source platform for machine learning. Optimized pooling implementations in TFLite fail to check that the stride arguments are not 0 before calling `ComputePaddingHeightWidth`(https://github.com/tensorflow/tensorflow/blob/3f24ccd932546416ec906a02ddd183b48a1d2c83/tensorflow/lite/kernels/pooling.cc#L90). Since users can craft special models which will have `params->stride_{height,width}` be zero, this will result in a division by zero. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.\"},{\"lang\":\"es\",\"value\":\"TensorFlow es una plataforma de código abierto de extremo a extremo para el aprendizaje automático.&#xa0;Las implementaciones de agrupación optimizadas en TFLite no pueden comprobar que los argumentos de stride no sean 0 versiones anteriores a llamar a la función \\\"ComputePaddingHeightWidth\\\" (https://github.com/tensorflow/tensorflow/blob/3f24ccd932546416ec906a02ddd183b48a1d2c83/tensorflow/lite/kernel#s/pooling).&#xa0;Dado que los usuarios pueden diseñar modelos especiales que tendrán \\\"params-&gt; stride_ {height, width}\\\" ser cero, esto resultará en una división por cero.&#xa0;La corrección será incluida en TensorFlow versión 2.5.0.&#xa0;También seleccionaremos este compromiso en TensorFlow versión 2.4.2, TensorFlow versión 2.3.3, TensorFlow versión 2.2.3 y TensorFlow versión 2.1.4, ya que estos también están afectados y aún están en el rango admitido\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":2.5,\"baseSeverity\":\"LOW\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.0,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":4.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-369\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.1.4\",\"matchCriteriaId\":\"323ABCCE-24EB-47CC-87F6-48C101477587\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.2.0\",\"versionEndExcluding\":\"2.2.3\",\"matchCriteriaId\":\"64ABA90C-0649-4BB0-89C9-83C14BBDCC0F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.3.0\",\"versionEndExcluding\":\"2.3.3\",\"matchCriteriaId\":\"0F83E0CF-CBF6-4C24-8683-3E7A5DC95BA9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.4.0\",\"versionEndExcluding\":\"2.4.2\",\"matchCriteriaId\":\"8259531B-A8AC-4F8B-B60F-B69DE4767C03\"}]}]}],\"references\":[{\"url\":\"https://github.com/tensorflow/tensorflow/commit/5f7975d09eac0f10ed8a17dbb6f5964977725adc\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-26j7-6w8w-7922\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/tensorflow/tensorflow/commit/5f7975d09eac0f10ed8a17dbb6f5964977725adc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-26j7-6w8w-7922\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]}]}}",
   },
}

gsd-2021-29586

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

Aliases

CVE-2021-29586

Aliases

CVE-2021-29586

JSON

To clipboard

{
   GSD: {
      alias: "CVE-2021-29586",
      description: "TensorFlow is an end-to-end open source platform for machine learning. Optimized pooling implementations in TFLite fail to check that the stride arguments are not 0 before calling `ComputePaddingHeightWidth`(https://github.com/tensorflow/tensorflow/blob/3f24ccd932546416ec906a02ddd183b48a1d2c83/tensorflow/lite/kernels/pooling.cc#L90). Since users can craft special models which will have `params->stride_{height,width}` be zero, this will result in a division by zero. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.",
      id: "GSD-2021-29586",
      references: [
         "https://www.suse.com/security/cve/CVE-2021-29586.html",
         "https://security.archlinux.org/CVE-2021-29586",
      ],
   },
   gsd: {
      metadata: {
         exploitCode: "unknown",
         remediation: "unknown",
         reportConfidence: "confirmed",
         type: "vulnerability",
      },
      osvSchema: {
         aliases: [
            "CVE-2021-29586",
         ],
         details: "TensorFlow is an end-to-end open source platform for machine learning. Optimized pooling implementations in TFLite fail to check that the stride arguments are not 0 before calling `ComputePaddingHeightWidth`(https://github.com/tensorflow/tensorflow/blob/3f24ccd932546416ec906a02ddd183b48a1d2c83/tensorflow/lite/kernels/pooling.cc#L90). Since users can craft special models which will have `params->stride_{height,width}` be zero, this will result in a division by zero. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.",
         id: "GSD-2021-29586",
         modified: "2023-12-13T01:23:36.494133Z",
         schema_version: "1.4.0",
      },
   },
   namespaces: {
      "cve.org": {
         CVE_data_meta: {
            ASSIGNER: "security-advisories@github.com",
            ID: "CVE-2021-29586",
            STATE: "PUBLIC",
            TITLE: "Division by zero in optimized pooling implementations in TFLite",
         },
         affects: {
            vendor: {
               vendor_data: [
                  {
                     product: {
                        product_data: [
                           {
                              product_name: "tensorflow",
                              version: {
                                 version_data: [
                                    {
                                       version_value: "< 2.1.4",
                                    },
                                    {
                                       version_value: ">= 2.2.0, < 2.2.3",
                                    },
                                    {
                                       version_value: ">= 2.3.0, < 2.3.3",
                                    },
                                    {
                                       version_value: ">= 2.4.0, < 2.4.2",
                                    },
                                 ],
                              },
                           },
                        ],
                     },
                     vendor_name: "tensorflow",
                  },
               ],
            },
         },
         data_format: "MITRE",
         data_type: "CVE",
         data_version: "4.0",
         description: {
            description_data: [
               {
                  lang: "eng",
                  value: "TensorFlow is an end-to-end open source platform for machine learning. Optimized pooling implementations in TFLite fail to check that the stride arguments are not 0 before calling `ComputePaddingHeightWidth`(https://github.com/tensorflow/tensorflow/blob/3f24ccd932546416ec906a02ddd183b48a1d2c83/tensorflow/lite/kernels/pooling.cc#L90). Since users can craft special models which will have `params->stride_{height,width}` be zero, this will result in a division by zero. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.",
               },
            ],
         },
         impact: {
            cvss: {
               attackComplexity: "HIGH",
               attackVector: "LOCAL",
               availabilityImpact: "LOW",
               baseScore: 2.5,
               baseSeverity: "LOW",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
               version: "3.1",
            },
         },
         problemtype: {
            problemtype_data: [
               {
                  description: [
                     {
                        lang: "eng",
                        value: "CWE-369: Divide By Zero",
                     },
                  ],
               },
            ],
         },
         references: {
            reference_data: [
               {
                  name: "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-26j7-6w8w-7922",
                  refsource: "CONFIRM",
                  url: "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-26j7-6w8w-7922",
               },
               {
                  name: "https://github.com/tensorflow/tensorflow/commit/5f7975d09eac0f10ed8a17dbb6f5964977725adc",
                  refsource: "MISC",
                  url: "https://github.com/tensorflow/tensorflow/commit/5f7975d09eac0f10ed8a17dbb6f5964977725adc",
               },
            ],
         },
         source: {
            advisory: "GHSA-26j7-6w8w-7922",
            discovery: "UNKNOWN",
         },
      },
      "gitlab.com": {
         advisories: [
            {
               affected_range: "<2.1.4||>=2.2.0,<2.2.3||>=2.3.0,<2.3.3||>=2.4.0,<2.4.2",
               affected_versions: "All versions before 2.1.4, all versions starting from 2.2.0 before 2.2.3, all versions starting from 2.3.0 before 2.3.3, all versions starting from 2.4.0 before 2.4.2",
               cvss_v2: "AV:L/AC:L/Au:N/C:P/I:P/A:P",
               cvss_v3: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               cwe_ids: [
                  "CWE-1035",
                  "CWE-369",
                  "CWE-937",
               ],
               date: "2021-05-19",
               description: "TensorFlow is an end-to-end open source platform for machine learning. Optimized pooling implementations in TFLite fail to check that the stride arguments are not 0 before calling `ComputePaddingHeightWidth`.",
               fixed_versions: [
                  "2.5.0",
               ],
               identifier: "CVE-2021-29586",
               identifiers: [
                  "CVE-2021-29586",
                  "GHSA-26j7-6w8w-7922",
               ],
               not_impacted: "All versions starting from 2.1.4 before 2.2.0, all versions starting from 2.2.3 before 2.3.0, all versions starting from 2.3.3 before 2.4.0, all versions starting from 2.4.2",
               package_slug: "pypi/tensorflow",
               pubdate: "2021-05-14",
               solution: "Upgrade to version 2.5.0 or above.",
               title: "Divide By Zero",
               urls: [
                  "https://nvd.nist.gov/vuln/detail/CVE-2021-29586",
               ],
               uuid: "df0076bd-4052-4b93-811c-ddf3934ce96d",
            },
         ],
      },
      "nvd.nist.gov": {
         configurations: {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "2.1.4",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "2.2.3",
                        versionStartIncluding: "2.2.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "2.3.3",
                        versionStartIncluding: "2.3.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "2.4.2",
                        versionStartIncluding: "2.4.0",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
         cve: {
            CVE_data_meta: {
               ASSIGNER: "security-advisories@github.com",
               ID: "CVE-2021-29586",
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "en",
                     value: "TensorFlow is an end-to-end open source platform for machine learning. Optimized pooling implementations in TFLite fail to check that the stride arguments are not 0 before calling `ComputePaddingHeightWidth`(https://github.com/tensorflow/tensorflow/blob/3f24ccd932546416ec906a02ddd183b48a1d2c83/tensorflow/lite/kernels/pooling.cc#L90). Since users can craft special models which will have `params->stride_{height,width}` be zero, this will result in a division by zero. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "en",
                           value: "CWE-369",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/tensorflow/tensorflow/commit/5f7975d09eac0f10ed8a17dbb6f5964977725adc",
                     refsource: "MISC",
                     tags: [
                        "Patch",
                        "Third Party Advisory",
                     ],
                     url: "https://github.com/tensorflow/tensorflow/commit/5f7975d09eac0f10ed8a17dbb6f5964977725adc",
                  },
                  {
                     name: "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-26j7-6w8w-7922",
                     refsource: "CONFIRM",
                     tags: [
                        "Exploit",
                        "Patch",
                        "Third Party Advisory",
                     ],
                     url: "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-26j7-6w8w-7922",
                  },
               ],
            },
         },
         impact: {
            baseMetricV2: {
               acInsufInfo: false,
               cvssV2: {
                  accessComplexity: "LOW",
                  accessVector: "LOCAL",
                  authentication: "NONE",
                  availabilityImpact: "PARTIAL",
                  baseScore: 4.6,
                  confidentialityImpact: "PARTIAL",
                  integrityImpact: "PARTIAL",
                  vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
               exploitabilityScore: 3.9,
               impactScore: 6.4,
               obtainAllPrivilege: false,
               obtainOtherPrivilege: false,
               obtainUserPrivilege: false,
               severity: "MEDIUM",
               userInteractionRequired: false,
            },
            baseMetricV3: {
               cvssV3: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               exploitabilityScore: 1.8,
               impactScore: 5.9,
            },
         },
         lastModifiedDate: "2021-05-19T17:20Z",
         publishedDate: "2021-05-14T20:15Z",
      },
   },
}

pysec-2021-223

Vulnerability from pysec

Published

2021-05-14 20:15

Modified

2021-08-27 03:22

Details

TensorFlow is an end-to-end open source platform for machine learning. Optimized pooling implementations in TFLite fail to check that the stride arguments are not 0 before calling ComputePaddingHeightWidth(https://github.com/tensorflow/tensorflow/blob/3f24ccd932546416ec906a02ddd183b48a1d2c83/tensorflow/lite/kernels/pooling.cc#L90). Since users can craft special models which will have params->stride_{height,width} be zero, this will result in a division by zero. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.

Impacted products

Name	purl
tensorflow	pkg:pypi/tensorflow

Aliases

JSON

To clipboard

{
   affected: [
      {
         package: {
            ecosystem: "PyPI",
            name: "tensorflow",
            purl: "pkg:pypi/tensorflow",
         },
         ranges: [
            {
               events: [
                  {
                     introduced: "0",
                  },
                  {
                     fixed: "5f7975d09eac0f10ed8a17dbb6f5964977725adc",
                  },
               ],
               repo: "https://github.com/tensorflow/tensorflow",
               type: "GIT",
            },
            {
               events: [
                  {
                     introduced: "0",
                  },
                  {
                     fixed: "2.1.4",
                  },
                  {
                     introduced: "2.2.0",
                  },
                  {
                     fixed: "2.2.3",
                  },
                  {
                     introduced: "2.3.0",
                  },
                  {
                     fixed: "2.3.3",
                  },
                  {
                     introduced: "2.4.0",
                  },
                  {
                     fixed: "2.4.2",
                  },
               ],
               type: "ECOSYSTEM",
            },
         ],
         versions: [
            "0.12.0",
            "0.12.0rc0",
            "0.12.0rc1",
            "0.12.1",
            "1.0.0",
            "1.0.1",
            "1.1.0",
            "1.1.0rc0",
            "1.1.0rc1",
            "1.1.0rc2",
            "1.10.0",
            "1.10.0rc0",
            "1.10.0rc1",
            "1.10.1",
            "1.11.0",
            "1.11.0rc0",
            "1.11.0rc1",
            "1.11.0rc2",
            "1.12.0",
            "1.12.0rc0",
            "1.12.0rc1",
            "1.12.0rc2",
            "1.12.2",
            "1.12.3",
            "1.13.0rc0",
            "1.13.0rc1",
            "1.13.0rc2",
            "1.13.1",
            "1.13.2",
            "1.14.0",
            "1.14.0rc0",
            "1.14.0rc1",
            "1.15.0",
            "1.15.0rc0",
            "1.15.0rc1",
            "1.15.0rc2",
            "1.15.0rc3",
            "1.15.2",
            "1.15.3",
            "1.15.4",
            "1.15.5",
            "1.2.0",
            "1.2.0rc0",
            "1.2.0rc1",
            "1.2.0rc2",
            "1.2.1",
            "1.3.0",
            "1.3.0rc0",
            "1.3.0rc1",
            "1.3.0rc2",
            "1.4.0",
            "1.4.0rc0",
            "1.4.0rc1",
            "1.4.1",
            "1.5.0",
            "1.5.0rc0",
            "1.5.0rc1",
            "1.5.1",
            "1.6.0",
            "1.6.0rc0",
            "1.6.0rc1",
            "1.7.0",
            "1.7.0rc0",
            "1.7.0rc1",
            "1.7.1",
            "1.8.0",
            "1.8.0rc0",
            "1.8.0rc1",
            "1.9.0",
            "1.9.0rc0",
            "1.9.0rc1",
            "1.9.0rc2",
            "2.0.0",
            "2.0.0a0",
            "2.0.0b0",
            "2.0.0b1",
            "2.0.0rc0",
            "2.0.0rc1",
            "2.0.0rc2",
            "2.0.1",
            "2.0.2",
            "2.0.3",
            "2.0.4",
            "2.1.0",
            "2.1.0rc0",
            "2.1.0rc1",
            "2.1.0rc2",
            "2.1.1",
            "2.1.2",
            "2.1.3",
            "2.2.0",
            "2.2.1",
            "2.2.2",
            "2.3.0",
            "2.3.1",
            "2.3.2",
            "2.4.0",
            "2.4.1",
         ],
      },
   ],
   aliases: [
      "CVE-2021-29586",
      "GHSA-26j7-6w8w-7922",
   ],
   details: "TensorFlow is an end-to-end open source platform for machine learning. Optimized pooling implementations in TFLite fail to check that the stride arguments are not 0 before calling `ComputePaddingHeightWidth`(https://github.com/tensorflow/tensorflow/blob/3f24ccd932546416ec906a02ddd183b48a1d2c83/tensorflow/lite/kernels/pooling.cc#L90). Since users can craft special models which will have `params->stride_{height,width}` be zero, this will result in a division by zero. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.",
   id: "PYSEC-2021-223",
   modified: "2021-08-27T03:22:36.699869Z",
   published: "2021-05-14T20:15:00Z",
   references: [
      {
         type: "FIX",
         url: "https://github.com/tensorflow/tensorflow/commit/5f7975d09eac0f10ed8a17dbb6f5964977725adc",
      },
      {
         type: "ADVISORY",
         url: "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-26j7-6w8w-7922",
      },
   ],
}

pysec-2021-514

Vulnerability from pysec

Published

2021-05-14 20:15

Modified

2021-12-09 06:34

Details

TensorFlow is an end-to-end open source platform for machine learning. Optimized pooling implementations in TFLite fail to check that the stride arguments are not 0 before calling ComputePaddingHeightWidth(https://github.com/tensorflow/tensorflow/blob/3f24ccd932546416ec906a02ddd183b48a1d2c83/tensorflow/lite/kernels/pooling.cc#L90). Since users can craft special models which will have params->stride_{height,width} be zero, this will result in a division by zero. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.

Impacted products

Name	purl
tensorflow-cpu	pkg:pypi/tensorflow-cpu

Aliases

JSON

To clipboard

{
   affected: [
      {
         package: {
            ecosystem: "PyPI",
            name: "tensorflow-cpu",
            purl: "pkg:pypi/tensorflow-cpu",
         },
         ranges: [
            {
               events: [
                  {
                     introduced: "0",
                  },
                  {
                     fixed: "5f7975d09eac0f10ed8a17dbb6f5964977725adc",
                  },
               ],
               repo: "https://github.com/tensorflow/tensorflow",
               type: "GIT",
            },
            {
               events: [
                  {
                     introduced: "0",
                  },
                  {
                     fixed: "2.1.4",
                  },
                  {
                     introduced: "2.2.0",
                  },
                  {
                     fixed: "2.2.3",
                  },
                  {
                     introduced: "2.3.0",
                  },
                  {
                     fixed: "2.3.3",
                  },
                  {
                     introduced: "2.4.0",
                  },
                  {
                     fixed: "2.4.2",
                  },
               ],
               type: "ECOSYSTEM",
            },
         ],
         versions: [
            "1.15.0",
            "2.1.0",
            "2.1.1",
            "2.1.2",
            "2.1.3",
            "2.2.0",
            "2.2.1",
            "2.2.2",
            "2.3.0",
            "2.3.1",
            "2.3.2",
            "2.4.0",
            "2.4.1",
         ],
      },
   ],
   aliases: [
      "CVE-2021-29586",
      "GHSA-26j7-6w8w-7922",
   ],
   details: "TensorFlow is an end-to-end open source platform for machine learning. Optimized pooling implementations in TFLite fail to check that the stride arguments are not 0 before calling `ComputePaddingHeightWidth`(https://github.com/tensorflow/tensorflow/blob/3f24ccd932546416ec906a02ddd183b48a1d2c83/tensorflow/lite/kernels/pooling.cc#L90). Since users can craft special models which will have `params->stride_{height,width}` be zero, this will result in a division by zero. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.",
   id: "PYSEC-2021-514",
   modified: "2021-12-09T06:34:56.717383Z",
   published: "2021-05-14T20:15:00Z",
   references: [
      {
         type: "FIX",
         url: "https://github.com/tensorflow/tensorflow/commit/5f7975d09eac0f10ed8a17dbb6f5964977725adc",
      },
      {
         type: "ADVISORY",
         url: "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-26j7-6w8w-7922",
      },
   ],
}

pysec-2021-712

Vulnerability from pysec

Published

2021-05-14 20:15

Modified

2021-12-09 06:35

Details

TensorFlow is an end-to-end open source platform for machine learning. Optimized pooling implementations in TFLite fail to check that the stride arguments are not 0 before calling ComputePaddingHeightWidth(https://github.com/tensorflow/tensorflow/blob/3f24ccd932546416ec906a02ddd183b48a1d2c83/tensorflow/lite/kernels/pooling.cc#L90). Since users can craft special models which will have params->stride_{height,width} be zero, this will result in a division by zero. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.

Impacted products

Name	purl
tensorflow-gpu	pkg:pypi/tensorflow-gpu

Aliases

JSON

To clipboard

{
   affected: [
      {
         package: {
            ecosystem: "PyPI",
            name: "tensorflow-gpu",
            purl: "pkg:pypi/tensorflow-gpu",
         },
         ranges: [
            {
               events: [
                  {
                     introduced: "0",
                  },
                  {
                     fixed: "5f7975d09eac0f10ed8a17dbb6f5964977725adc",
                  },
               ],
               repo: "https://github.com/tensorflow/tensorflow",
               type: "GIT",
            },
            {
               events: [
                  {
                     introduced: "0",
                  },
                  {
                     fixed: "2.1.4",
                  },
                  {
                     introduced: "2.2.0",
                  },
                  {
                     fixed: "2.2.3",
                  },
                  {
                     introduced: "2.3.0",
                  },
                  {
                     fixed: "2.3.3",
                  },
                  {
                     introduced: "2.4.0",
                  },
                  {
                     fixed: "2.4.2",
                  },
               ],
               type: "ECOSYSTEM",
            },
         ],
         versions: [
            "0.12.0",
            "0.12.1",
            "1.0.0",
            "1.0.1",
            "1.1.0",
            "1.10.0",
            "1.10.1",
            "1.11.0",
            "1.12.0",
            "1.12.2",
            "1.12.3",
            "1.13.1",
            "1.13.2",
            "1.14.0",
            "1.15.0",
            "1.15.2",
            "1.15.3",
            "1.15.4",
            "1.15.5",
            "1.2.0",
            "1.2.1",
            "1.3.0",
            "1.4.0",
            "1.4.1",
            "1.5.0",
            "1.5.1",
            "1.6.0",
            "1.7.0",
            "1.7.1",
            "1.8.0",
            "1.9.0",
            "2.0.0",
            "2.0.1",
            "2.0.2",
            "2.0.3",
            "2.0.4",
            "2.1.0",
            "2.1.1",
            "2.1.2",
            "2.1.3",
            "2.2.0",
            "2.2.1",
            "2.2.2",
            "2.3.0",
            "2.3.1",
            "2.3.2",
            "2.4.0",
            "2.4.1",
         ],
      },
   ],
   aliases: [
      "CVE-2021-29586",
      "GHSA-26j7-6w8w-7922",
   ],
   details: "TensorFlow is an end-to-end open source platform for machine learning. Optimized pooling implementations in TFLite fail to check that the stride arguments are not 0 before calling `ComputePaddingHeightWidth`(https://github.com/tensorflow/tensorflow/blob/3f24ccd932546416ec906a02ddd183b48a1d2c83/tensorflow/lite/kernels/pooling.cc#L90). Since users can craft special models which will have `params->stride_{height,width}` be zero, this will result in a division by zero. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.",
   id: "PYSEC-2021-712",
   modified: "2021-12-09T06:35:29.712146Z",
   published: "2021-05-14T20:15:00Z",
   references: [
      {
         type: "FIX",
         url: "https://github.com/tensorflow/tensorflow/commit/5f7975d09eac0f10ed8a17dbb6f5964977725adc",
      },
      {
         type: "ADVISORY",
         url: "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-26j7-6w8w-7922",
      },
   ],
}

ghsa-26j7-6w8w-7922

Vulnerability from github

Published

2021-05-21 14:26

Modified

2024-11-13 16:01

Severity ?

2.5 (Low) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
2.3 (Low) - CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Summary

Division by zero in optimized pooling implementations in TFLite

Details

Impact

Optimized pooling implementations in TFLite fail to check that the stride arguments are not 0 before calling ComputePaddingHeightWidth.

Since users can craft special models which will have params->stride_{height,width} be zero, this will result in a division by zero.

Patches

We have patched the issue in GitHub commit 5f7975d09eac0f10ed8a17dbb6f5964977725adc.

The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.

For more information

Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.

Attribution

This vulnerability has been reported by members of the Aivul Team from Qihoo 360.

Show details on source website

JSON

To clipboard

{
   affected: [
      {
         package: {
            ecosystem: "PyPI",
            name: "tensorflow",
         },
         ranges: [
            {
               events: [
                  {
                     introduced: "0",
                  },
                  {
                     fixed: "2.1.4",
                  },
               ],
               type: "ECOSYSTEM",
            },
         ],
      },
      {
         package: {
            ecosystem: "PyPI",
            name: "tensorflow",
         },
         ranges: [
            {
               events: [
                  {
                     introduced: "2.2.0",
                  },
                  {
                     fixed: "2.2.3",
                  },
               ],
               type: "ECOSYSTEM",
            },
         ],
      },
      {
         package: {
            ecosystem: "PyPI",
            name: "tensorflow",
         },
         ranges: [
            {
               events: [
                  {
                     introduced: "2.3.0",
                  },
                  {
                     fixed: "2.3.3",
                  },
               ],
               type: "ECOSYSTEM",
            },
         ],
      },
      {
         package: {
            ecosystem: "PyPI",
            name: "tensorflow",
         },
         ranges: [
            {
               events: [
                  {
                     introduced: "2.4.0",
                  },
                  {
                     fixed: "2.4.2",
                  },
               ],
               type: "ECOSYSTEM",
            },
         ],
      },
      {
         package: {
            ecosystem: "PyPI",
            name: "tensorflow-cpu",
         },
         ranges: [
            {
               events: [
                  {
                     introduced: "0",
                  },
                  {
                     fixed: "2.1.4",
                  },
               ],
               type: "ECOSYSTEM",
            },
         ],
      },
      {
         package: {
            ecosystem: "PyPI",
            name: "tensorflow-cpu",
         },
         ranges: [
            {
               events: [
                  {
                     introduced: "2.2.0",
                  },
                  {
                     fixed: "2.2.3",
                  },
               ],
               type: "ECOSYSTEM",
            },
         ],
      },
      {
         package: {
            ecosystem: "PyPI",
            name: "tensorflow-cpu",
         },
         ranges: [
            {
               events: [
                  {
                     introduced: "2.3.0",
                  },
                  {
                     fixed: "2.3.3",
                  },
               ],
               type: "ECOSYSTEM",
            },
         ],
      },
      {
         package: {
            ecosystem: "PyPI",
            name: "tensorflow-cpu",
         },
         ranges: [
            {
               events: [
                  {
                     introduced: "2.4.0",
                  },
                  {
                     fixed: "2.4.2",
                  },
               ],
               type: "ECOSYSTEM",
            },
         ],
      },
      {
         package: {
            ecosystem: "PyPI",
            name: "tensorflow-gpu",
         },
         ranges: [
            {
               events: [
                  {
                     introduced: "0",
                  },
                  {
                     fixed: "2.1.4",
                  },
               ],
               type: "ECOSYSTEM",
            },
         ],
      },
      {
         package: {
            ecosystem: "PyPI",
            name: "tensorflow-gpu",
         },
         ranges: [
            {
               events: [
                  {
                     introduced: "2.2.0",
                  },
                  {
                     fixed: "2.2.3",
                  },
               ],
               type: "ECOSYSTEM",
            },
         ],
      },
      {
         package: {
            ecosystem: "PyPI",
            name: "tensorflow-gpu",
         },
         ranges: [
            {
               events: [
                  {
                     introduced: "2.3.0",
                  },
                  {
                     fixed: "2.3.3",
                  },
               ],
               type: "ECOSYSTEM",
            },
         ],
      },
      {
         package: {
            ecosystem: "PyPI",
            name: "tensorflow-gpu",
         },
         ranges: [
            {
               events: [
                  {
                     introduced: "2.4.0",
                  },
                  {
                     fixed: "2.4.2",
                  },
               ],
               type: "ECOSYSTEM",
            },
         ],
      },
   ],
   aliases: [
      "CVE-2021-29586",
   ],
   database_specific: {
      cwe_ids: [
         "CWE-369",
      ],
      github_reviewed: true,
      github_reviewed_at: "2021-05-18T17:03:33Z",
      nvd_published_at: "2021-05-14T20:15:00Z",
      severity: "LOW",
   },
   details: "### Impact\nOptimized pooling implementations in TFLite fail to check that the stride arguments are not 0 before calling [`ComputePaddingHeightWidth`](https://github.com/tensorflow/tensorflow/blob/3f24ccd932546416ec906a02ddd183b48a1d2c83/tensorflow/lite/kernels/pooling.cc#L90).\n\nSince users can craft special models which will have `params->stride_{height,width}` be zero, this will result in a division by zero.\n                          \n### Patches\nWe have patched the issue in GitHub commit [5f7975d09eac0f10ed8a17dbb6f5964977725adc](https://github.com/tensorflow/tensorflow/commit/5f7975d09eac0f10ed8a17dbb6f5964977725adc).\n      \nThe fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.\n      \n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by members of the Aivul Team from Qihoo 360.",
   id: "GHSA-26j7-6w8w-7922",
   modified: "2024-11-13T16:01:10Z",
   published: "2021-05-21T14:26:43Z",
   references: [
      {
         type: "WEB",
         url: "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-26j7-6w8w-7922",
      },
      {
         type: "ADVISORY",
         url: "https://nvd.nist.gov/vuln/detail/CVE-2021-29586",
      },
      {
         type: "WEB",
         url: "https://github.com/tensorflow/tensorflow/commit/5f7975d09eac0f10ed8a17dbb6f5964977725adc",
      },
      {
         type: "WEB",
         url: "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-514.yaml",
      },
      {
         type: "WEB",
         url: "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-712.yaml",
      },
      {
         type: "WEB",
         url: "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-223.yaml",
      },
      {
         type: "PACKAGE",
         url: "https://github.com/tensorflow/tensorflow",
      },
      {
         type: "WEB",
         url: "https://github.com/tensorflow/tensorflow/blob/3f24ccd932546416ec906a02ddd183b48a1d2c83/tensorflow/lite/kernels/pooling.cc#L90",
      },
   ],
   schema_version: "1.4.0",
   severity: [
      {
         score: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
         type: "CVSS_V3",
      },
      {
         score: "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
         type: "CVSS_V4",
      },
   ],
   summary: "Division by zero in optimized pooling implementations in TFLite",
}

fkie_cve-2021-29586

Vulnerability from fkie_nvd

Published

2021-05-14 20:15

Modified

2024-11-21 06:01

Severity ?

2.5 (Low) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/tensorflow/tensorflow/commit/5f7975d09eac0f10ed8a17dbb6f5964977725adc	Patch, Third Party Advisory
security-advisories@github.com	https://github.com/tensorflow/tensorflow/security/advisories/GHSA-26j7-6w8w-7922	Exploit, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/tensorflow/tensorflow/commit/5f7975d09eac0f10ed8a17dbb6f5964977725adc	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/tensorflow/tensorflow/security/advisories/GHSA-26j7-6w8w-7922	Exploit, Patch, Third Party Advisory

Impacted products

Vendor	Product	Version
google	tensorflow	*
google	tensorflow	*
google	tensorflow	*
google	tensorflow	*

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "323ABCCE-24EB-47CC-87F6-48C101477587",
                     versionEndExcluding: "2.1.4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "64ABA90C-0649-4BB0-89C9-83C14BBDCC0F",
                     versionEndExcluding: "2.2.3",
                     versionStartIncluding: "2.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0F83E0CF-CBF6-4C24-8683-3E7A5DC95BA9",
                     versionEndExcluding: "2.3.3",
                     versionStartIncluding: "2.3.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8259531B-A8AC-4F8B-B60F-B69DE4767C03",
                     versionEndExcluding: "2.4.2",
                     versionStartIncluding: "2.4.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "TensorFlow is an end-to-end open source platform for machine learning. Optimized pooling implementations in TFLite fail to check that the stride arguments are not 0 before calling `ComputePaddingHeightWidth`(https://github.com/tensorflow/tensorflow/blob/3f24ccd932546416ec906a02ddd183b48a1d2c83/tensorflow/lite/kernels/pooling.cc#L90). Since users can craft special models which will have `params->stride_{height,width}` be zero, this will result in a division by zero. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.",
      },
      {
         lang: "es",
         value: "TensorFlow es una plataforma de código abierto de extremo a extremo para el aprendizaje automático.&#xa0;Las implementaciones de agrupación optimizadas en TFLite no pueden comprobar que los argumentos de stride no sean 0 versiones anteriores a llamar a la función \"ComputePaddingHeightWidth\" (https://github.com/tensorflow/tensorflow/blob/3f24ccd932546416ec906a02ddd183b48a1d2c83/tensorflow/lite/kernel#s/pooling).&#xa0;Dado que los usuarios pueden diseñar modelos especiales que tendrán \"params-&gt; stride_ {height, width}\" ser cero, esto resultará en una división por cero.&#xa0;La corrección será incluida en TensorFlow versión 2.5.0.&#xa0;También seleccionaremos este compromiso en TensorFlow versión 2.4.2, TensorFlow versión 2.3.3, TensorFlow versión 2.2.3 y TensorFlow versión 2.1.4, ya que estos también están afectados y aún están en el rango admitido",
      },
   ],
   id: "CVE-2021-29586",
   lastModified: "2024-11-21T06:01:26.187",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.6,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "LOCAL",
               availabilityImpact: "LOW",
               baseScore: 2.5,
               baseSeverity: "LOW",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
               version: "3.1",
            },
            exploitabilityScore: 1,
            impactScore: 1.4,
            source: "security-advisories@github.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-05-14T20:15:14.627",
   references: [
      {
         source: "security-advisories@github.com",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/tensorflow/tensorflow/commit/5f7975d09eac0f10ed8a17dbb6f5964977725adc",
      },
      {
         source: "security-advisories@github.com",
         tags: [
            "Exploit",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-26j7-6w8w-7922",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/tensorflow/tensorflow/commit/5f7975d09eac0f10ed8a17dbb6f5964977725adc",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-26j7-6w8w-7922",
      },
   ],
   sourceIdentifier: "security-advisories@github.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-369",
            },
         ],
         source: "security-advisories@github.com",
         type: "Primary",
      },
   ],
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2021-29586

Vulnerability from cvelistv5

gsd-2021-29586

Vulnerability from gsd

pysec-2021-223

Vulnerability from pysec

pysec-2021-514

Vulnerability from pysec

pysec-2021-712

Vulnerability from pysec

ghsa-26j7-6w8w-7922

Vulnerability from github

Impact

Patches

For more information

Attribution

fkie_cve-2021-29586

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature