CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-37653 – Division by 0 in `ResourceGather` in TensorFlow
https://notcve.org/view.php?id=CVE-2021-37653
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a floating point exception in `tf.raw_ops.ResourceGather`. The [implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/resource_variable_ops.cc#L725-L731) computes the value of a value, `batch_size`, and then divides by it without checking that this value is not 0. We have patched the issue in GitHub commit ac117ee8a8ea57b73d34665cdf00ef3303bc0b11. The fix will be included in TensorFlow 2.6.0. • https://github.com/tensorflow/tensorflow/commit/ac117ee8a8ea57b73d34665cdf00ef3303bc0b11 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qjj8-32p7-h289 • CWE-369: Divide By Zero •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-37642 – Division by 0 in `ResourceScatterDiv` in TensorFlow
https://notcve.org/view.php?id=CVE-2021-37642
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.ResourceScatterDiv` is vulnerable to a division by 0 error. The [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/resource_variable_ops.cc#L865) uses a common class for all binary operations but fails to treat the division by 0 case separately. We have patched the issue in GitHub commit 4aacb30888638da75023e6601149415b39763d76. The fix will be included in TensorFlow 2.6.0. • https://github.com/tensorflow/tensorflow/commit/4aacb30888638da75023e6601149415b39763d76 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-ch4f-829c-v5pw • CWE-369: Divide By Zero •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-37640 – Integer division by 0 in sparse reshaping in TensorFlow
https://notcve.org/view.php?id=CVE-2021-37640
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.SparseReshape` can be made to trigger an integral division by 0 exception. The [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/reshape_util.cc#L176-L181) calls the reshaping functor whenever there is at least an index in the input but does not check that shape of the input or the target shape have both a non-zero number of elements. The [reshape functor](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/reshape_util.cc#L40-L78) blindly divides by the dimensions of the target shape. Hence, if this is not checked, code will result in a division by 0. • https://github.com/tensorflow/tensorflow/commit/4923de56ec94fff7770df259ab7f2288a74feb41 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-95xm-g58g-3p88 • CWE-369: Divide By Zero •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-37636 – Floating point exception in `SparseDenseCwiseDiv` in TensorFlow
https://notcve.org/view.php?id=CVE-2021-37636
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.SparseDenseCwiseDiv` is vulnerable to a division by 0 error. The [implementation](https://github.com/tensorflow/tensorflow/blob/a1bc56203f21a5a4995311825ffaba7a670d7747/tensorflow/core/kernels/sparse_dense_binary_op_shared.cc#L56) uses a common class for all binary operations but fails to treat the division by 0 case separately. We have patched the issue in GitHub commit d9204be9f49520cdaaeb2541d1dc5187b23f31d9. The fix will be included in TensorFlow 2.6.0. • https://github.com/tensorflow/tensorflow/commit/d9204be9f49520cdaaeb2541d1dc5187b23f31d9 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hp4c-x6r7-6555 • CWE-369: Divide By Zero •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 2CVE-2021-35958
https://notcve.org/view.php?id=CVE-2021-35958
TensorFlow through 2.5.0 allows attackers to overwrite arbitrary files via a crafted archive when tf.keras.utils.get_file is used with extract=True. NOTE: the vendor's position is that tf.keras.utils.get_file is not intended for untrusted archives ** EN DISPUTA ** TensorFlow versiones hasta 2.5.0, permite a atacantes sobrescribir archivos arbitrarios por medio de un archivo diseñado cuando se usa la función tf.keras.utils.get_file con extract=True. NOTA: la posición del proveedor es que la función tf.keras.utils.get_file no está pensado para archivos no confiables • https://github.com/miguelc49/CVE-2021-35958-2 https://github.com/miguelc49/CVE-2021-35958-1 https://docs.python.org/3/library/tarfile.html#tarfile.TarFile.extractall https://github.com/tensorflow/tensorflow/blob/b8cad4c631096a34461ff8a07840d5f4d123ce32/tensorflow/python/keras/README.md https://github.com/tensorflow/tensorflow/blob/b8cad4c631096a34461ff8a07840d5f4d123ce32/tensorflow/python/keras/utils/data_utils.py#L137 https://keras.io/api https://vuln.ryotak.me/advisories/52 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •