[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CVE-2021-29597 log

Source
Severity Low
Remote No
Type Denial of service
Description
A security issue has been found in TensorFlow before version 2.4.2. The implementation of the `SpaceToBatchNd` TFLite operator is [vulnerable to a division by zero error](https://github.com/tensorflow/tensorflow/blob/412c7d9bb8f8a762c5b266c9e73bfa165f29aac8/tensorflow/lite/kernels/space_to_batch_nd.cc#L82-L83). An attacker can craft a model such that one dimension of the `block` input is 0. Hence, the corresponding value in `block_shape` is 0.
Group Package Affected Fixed Severity Status Ticket
AVG-1962 tensorflow 2.4.1-10 2.5.0-1 Critical Fixed
References
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-v52p-hfjf-wg88
https://github.com/tensorflow/tensorflow/commit/6d36ba65577006affb272335b7c1abd829010708