Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2021-29522 | First vendor Publication | 2021-05-14 |
Vendor | Cve | Last vendor Modification | 2021-05-20 |
Security-Database Scoring CVSS v3
Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | |||
---|---|---|---|
Overall CVSS Score | 5.5 | ||
Base Score | 5.5 | Environmental Score | 5.5 |
impact SubScore | 3.6 | Temporal Score | 5.5 |
Exploitabality Sub Score | 1.8 | ||
Attack Vector | Local | Attack Complexity | Low |
Privileges Required | Low | User Interaction | None |
Scope | Unchanged | Confidentiality Impact | None |
Integrity Impact | None | Availability Impact | High |
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 2.1 | Attack Range | Local |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
TensorFlow is an end-to-end open source platform for machine learning. The `tf.raw_ops.Conv3DBackprop*` operations fail to validate that the input tensors are not empty. In turn, this would result in a division by 0. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/a91bb59769f19146d5a0c20060244378e878f140/tensorflow/core/kernels/conv_grad_ops_3d.cc#L430-L450) does not check that the divisor used in computing the shard size is not zero. Thus, if attacker controls the input sizes, they can trigger a denial of service via a division by zero error. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29522 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-369 | Divide By Zero |
CPE : Common Platform Enumeration
Sources (Detail)
Source | Url |
---|---|
CONFIRM | https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c968-pq7h-7fxv |
MISC | https://github.com/tensorflow/tensorflow/commit/311403edbc9816df80274bd1ea8b3... |
Alert History
Date | Informations |
---|---|
2021-08-18 01:42:34 |
|
2021-05-20 21:23:10 |
|
2021-05-15 05:22:49 |
|