Lucene search
GoogleOSV:PYSEC-2021-764HistoryAug 12, 2021 - 6:15 p.m.
PYSEC-2021-764
2021-08-1218:15:00
Google
osv.dev
7
tensorflow
resourcegather
vulnerability
patch
github
commit
2.6.0
cherrypick
2.5.1
2.4.3
2.3.4
supported range
EPSS
0
Percentile
12.6%
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a floating point exception in tf.raw_ops.ResourceGather. The implementation computes the value of a value, batch_size, and then divides by it without checking that this value is not 0. We have patched the issue in GitHub commit ac117ee8a8ea57b73d34665cdf00ef3303bc0b11. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
Related
osv
osv
BIT-tensorflow-2021-37653
2024-03-06 11:17:30
PYSEC-2021-566
2021-08-12 18:15:00
Division by 0 in `ResourceGather`
2021-08-25 14:43:04
nvd
nvd
CVE-2021-37653
2021-08-12 18:15:10
cvelist
cvelist
CVE-2021-37653 Division by 0 in `ResourceGather` in TensorFlow
2021-08-12 17:35:22
cve
cve
CVE-2021-37653
2021-08-12 18:15:10
prion
prion
Code injection
2021-08-12 18:15:00
cnvd
cnvd
Google TensorFlow Dezero Error Vulnerability (CNVD-2021-64068)
2021-08-20 00:00:00
github
github
Division by 0 in `ResourceGather`
2021-08-25 14:43:04
nessus
nessus
openSUSE 15 Security Update : tensorflow2 (openSUSE-SU-2022:10014-1)
2022-06-19 00:00:00
suse
suse
Security update for tensorflow2 (moderate)
2022-06-18 00:00:00
