CVE-2021-29588: Division by zero in TFLite's implementation of `TransposeConv`
(updated )
The optimized implementation of the TransposeConv TFLite operator is vulnerable to a division by zero error:
int height_col = (height + pad_t + pad_b - filter_h) / stride_h + 1;
int width_col = (width + pad_l + pad_r - filter_w) / stride_w + 1;
An attacker can craft a model such that stride_{h,w} values are 0. Code calling this function must validate these arguments.
References
- github.com/advisories/GHSA-vfr4-x8j2-3rf9
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-516.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-714.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-225.yaml
- github.com/tensorflow/tensorflow
- github.com/tensorflow/tensorflow/blob/0d45ea1ca641b21b73bcf9c00e0179cda284e7e7/tensorflow/lite/kernels/internal/optimized/optimized_ops.h
- github.com/tensorflow/tensorflow/commit/801c1c6be5324219689c98e1bd3e0ca365ee834d
- github.com/tensorflow/tensorflow/security/advisories/GHSA-vfr4-x8j2-3rf9
- nvd.nist.gov/vuln/detail/CVE-2021-29588
Detect and mitigate CVE-2021-29588 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →