CVE-2021-29595: Division by zero in TFLite's implementation of `DepthToSpace`
(updated )
The implementation of the DepthToSpace TFLite operator is vulnerable to a division by zero error:
const int block_size = params->block_size;
...
const int input_channels = input->dims->data[3];
...
int output_channels = input_channels / block_size / block_size;
An attacker can craft a model such that params->block_size is 0.
References
- github.com/advisories/GHSA-vf94-36g5-69v8
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-523.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-721.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-232.yaml
- github.com/tensorflow/tensorflow/commit/106d8f4fb89335a2c52d7c895b7a7485465ca8d9
- github.com/tensorflow/tensorflow/security/advisories/GHSA-vf94-36g5-69v8
- nvd.nist.gov/vuln/detail/CVE-2021-29595
Detect and mitigate CVE-2021-29595 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →