Skip to content

FPE in TFLite division operations

Low
mihaimaruseac published GHSA-rhrq-64mq-hf9h Aug 11, 2021

Package

pip tensorflow-lite (pip)

Affected versions

< 2.6.0

Patched versions

2.3.4, 2.4.3, 2.5.1

Description

Impact

The implementation of division in TFLite is vulnerable to a division by 0 error

There is no check that the divisor tensor does not contain zero elements.

Patches

We have patched the issue in GitHub commit 1e206baedf8bef0334cca3eb92bab134ef525a28.

The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.

For more information

Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.

Attribution

This vulnerability has been reported by members of the Aivul Team from Qihoo 360.

Severity

Low

CVE ID

CVE-2021-37683

Weaknesses

No CWEs