CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-37677 – Missing validation in shape inference for `Dequantize` in TensorFlow
https://notcve.org/view.php?id=CVE-2021-37677
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the shape inference code for `tf.raw_ops.Dequantize` has a vulnerability that could trigger a denial of service via a segfault if an attacker provides invalid arguments. The shape inference [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/ops/array_ops.cc#L2999-L3014) uses `axis` to select between two different values for `minmax_rank` which is then used to retrieve tensor dimensions. However, code assumes that `axis` can be either `-1` or a value greater than `-1`, with no validation for the other values. We have patched the issue in GitHub commit da857cfa0fde8f79ad0afdbc94e88b5d4bbec764. • https://github.com/tensorflow/tensorflow/commit/da857cfa0fde8f79ad0afdbc94e88b5d4bbec764 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qfpc-5pjr-mh26 • CWE-20: Improper Input Validation CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-37683 – Division by zero in TensorFlow Lite division operations
https://notcve.org/view.php?id=CVE-2021-37683
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of division in TFLite is [vulnerable to a division by 0 error](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/div.cc). There is no check that the divisor tensor does not contain zero elements. We have patched the issue in GitHub commit 1e206baedf8bef0334cca3eb92bab134ef525a28. The fix will be included in TensorFlow 2.6.0. • https://github.com/tensorflow/tensorflow/commit/1e206baedf8bef0334cca3eb92bab134ef525a28 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rhrq-64mq-hf9h • CWE-369: Divide By Zero •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-37684 – Division by zero in TensorFlow Lite pooling operations
https://notcve.org/view.php?id=CVE-2021-37684
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementations of pooling in TFLite are vulnerable to division by 0 errors as there are no checks for divisors not being 0. We have patched the issue in GitHub commit [dfa22b348b70bb89d6d6ec0ff53973bacb4f4695](https://github.com/tensorflow/tensorflow/commit/dfa22b348b70bb89d6d6ec0ff53973bacb4f4695). The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q7f7-544h-67h9 • CWE-369: Divide By Zero •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-37668 – Division by zero in TensorFlow Lite `tf.raw_ops.UnravelIndex`
https://notcve.org/view.php?id=CVE-2021-37668
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using `tf.raw_ops.UnravelIndex` by triggering a division by 0. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/unravel_index_op.cc#L36) does not check that the tensor subsumed by `dims` is not empty. Hence, if one element of `dims` is 0, the implementation does a division by 0. We have patched the issue in GitHub commit a776040a5e7ebf76eeb7eb923bf1ae417dd4d233. • https://github.com/tensorflow/tensorflow/commit/a776040a5e7ebf76eeb7eb923bf1ae417dd4d233 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-2wmv-37vq-52g5 • CWE-369: Divide By Zero •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-37670 – Heap OOB in `UpperBound` and `LowerBound` in TensorFlow
https://notcve.org/view.php?id=CVE-2021-37670
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to `tf.raw_ops.UpperBound`. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/searchsorted_op.cc#L85-L104) does not validate the rank of `sorted_input` argument. A similar issue occurs in `tf.raw_ops.LowerBound`. We have patched the issue in GitHub commit 42459e4273c2e47a3232cc16c4f4fff3b3a35c38. • https://github.com/tensorflow/tensorflow/commit/42459e4273c2e47a3232cc16c4f4fff3b3a35c38 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9697-98pf-4rw7 • CWE-125: Out-of-bounds Read •