CVE-2021-29598 log

Source
Severity Low
Remote No
Type Denial of service
Description
A security issue has been found in TensorFlow before version 2.4.2. The implementation of the `SVDF` TFLite operator is vulnerable to a division by zero error(https://github.com/tensorflow/tensorflow/blob/7f283ff806b2031f407db64c4d3edcda8fb9f9f5/tensorflow/lite/kernels/svdf.cc#L99-L102). An attacker can craft a model such that `params->rank` would be 0.
Group Package Affected Fixed Severity Status Ticket
AVG-1962 tensorflow 2.4.1-10 2.5.0-1 Critical Fixed
References
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pmpr-55fj-r229
https://github.com/tensorflow/tensorflow/commit/6841e522a3e7d48706a02e8819836e809f738682