CVE-2021-29602 log
| Source |
|
| Severity | Low |
| Remote | No |
| Type | Denial of service |
| Description | A security issue has been found in TensorFlow before version 2.4.2. The implementation of the `DepthwiseConv` TFLite operator is vulnerable to a division by zero error(https://github.com/tensorflow/tensorflow/blob/1a8e885b864c818198a5b2c0cbbeca5a1e833bc8/tensorflow/lite/kernels/depthwise_conv.cc#L287-L288). An attacker can craft a model such that `input`'s fourth dimension would be 0. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-1962 | tensorflow | 2.4.1-10 | 2.5.0-1 | Critical | Fixed |
| References |
|---|
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rf3h-xgv5-2q39 https://github.com/tensorflow/tensorflow/commit/cbda3c6b2dbbd3fbdc482ff8c0170a78ec2e97d0 |