7.8

CVE-2021-29594

Exploit

Division by zero in TFLite's convolution code

TensorFlow is an end-to-end open source platform for machine learning. TFLite's convolution code(https://github.com/tensorflow/tensorflow/blob/09c73bca7d648e961dd05898292d91a8322a9d45/tensorflow/lite/kernels/conv.cc) has multiple division where the divisor is controlled by the user and not checked to be non-zero. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GoogleTensorflow Version < 2.1.4
GoogleTensorflow Version >= 2.2.0 < 2.2.3
GoogleTensorflow Version >= 2.3.0 < 2.3.3
GoogleTensorflow Version >= 2.4.0 < 2.4.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.2% 0.1
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
security-advisories@github.com 2.5 1 1.4
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
CWE-369 Divide By Zero

The product divides a value by zero.

https://github.com/tensorflow/tensorflow/commit/ff489d95a9006be080ad14feb378f2b4dac35552
Patch
Third Party Advisory
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-3qgw-p4fm-x7gf
Patch
Third Party Advisory
Exploit