CVE-2021-29604

TensorFlow is an end-to-end open source platform for machine learning. The TFLite implementation of hashtable lookup is vulnerable to a division by zero error(https://github.com/tensorflow/tensorflow/blob/1a8e885b864c818198a5b2c0cbbeca5a1e833bc8/tensorflow/lite/kernels/hashtable_lookup.cc#L114-L115) An attacker can craft a model such that `values`'s first dimension would be 0. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.

CVSS v3 5.5 MEDIUM
CVSS v2.0 2.1 LOW

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://github.com/tensorflow/tensorflow/commit/5117e0851348065ed59c991562c0ec80d9193db2	Patch Third Party Advisory
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8rm6-75mf-7r7r	Exploit Patch Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:google:tensorflow::::::::
	cpe:2.3:a:google:tensorflow::::::::
	cpe:2.3:a:google:tensorflow::::::::
	cpe:2.3:a:google:tensorflow::::::::

History

No history.

Information

Published : 2021-05-14 20:15

Updated : 2021-05-18 15:15

NVD link : CVE-2021-29604

Mitre link : CVE-2021-29604

CVE.ORG link : CVE-2021-29604

JSON object : View

Products Affected

google

tensorflow

CWE

CWE-369

Divide By Zero

{"id": "CVE-2021-29604", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.5, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.0}]}, "published": "2021-05-14T20:15:15.620", "references": [{"url": "https://github.com/tensorflow/tensorflow/commit/5117e0851348065ed59c991562c0ec80d9193db2", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8rm6-75mf-7r7r", "tags": ["Exploit", "Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-369"}]}], "descriptions": [{"lang": "en", "value": "TensorFlow is an end-to-end open source platform for machine learning. The TFLite implementation of hashtable lookup is vulnerable to a division by zero error(https://github.com/tensorflow/tensorflow/blob/1a8e885b864c818198a5b2c0cbbeca5a1e833bc8/tensorflow/lite/kernels/hashtable_lookup.cc#L114-L115) An attacker can craft a model such that `values`'s first dimension would be 0. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range."}, {"lang": "es", "value": "TensorFlow es una plataforma de c\u00f3digo abierto de extremo a extremo para el aprendizaje autom\u00e1tico. La implementaci\u00f3n de TFLite de b\u00fasqueda de tablas hash es vulnerable a un error de divisi\u00f3n por cero (https://github.com/tensorflow/tensorflow/blob/1a8e885b864c818198a5b2c0cbbeca5a1e833bc8/tensorflow/lite/kernels/hashtable_lookup.cc#L114-L115 craft a attacker) modelo tal que la primera dimensi\u00f3n de \"values\" ser\u00eda 0. La correcci\u00f3n ser\u00e1 incluida en TensorFlow versi\u00f3n 2.5.0. Tambi\u00e9n seleccionaremos este commit en TensorFlow versi\u00f3n 2.4.2, TensorFlow versi\u00f3n 2.3.3, TensorFlow versi\u00f3n 2.2.3 y TensorFlow versi\u00f3n 2.1.4, ya que estos tambi\u00e9n est\u00e1n afectados y a\u00fan est\u00e1n en el rango compatible"}], "lastModified": "2021-05-18T15:15:32.450", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "323ABCCE-24EB-47CC-87F6-48C101477587", "versionEndExcluding": "2.1.4"}, {"criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64ABA90C-0649-4BB0-89C9-83C14BBDCC0F", "versionEndExcluding": "2.2.3", "versionStartIncluding": "2.2.0"}, {"criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F83E0CF-CBF6-4C24-8683-3E7A5DC95BA9", "versionEndExcluding": "2.3.3", "versionStartIncluding": "2.3.0"}, {"criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8259531B-A8AC-4F8B-B60F-B69DE4767C03", "versionEndExcluding": "2.4.2", "versionStartIncluding": "2.4.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}