CWE-369
AllowedDivide By Zero
Abstraction: Base · Status: Draft
The product divides a value by zero.
577 vulnerabilities reference this CWE, most recent first.
GHSA-HMWC-5F9Q-3986
Vulnerability from github – Published: 2022-05-14 01:44 – Updated: 2022-05-14 01:44A type confusion error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a division by zero.
{
"affected": [],
"aliases": [
"CVE-2018-5804"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-12-07T22:29:00Z",
"severity": "MODERATE"
},
"details": "A type confusion error within the \"identify()\" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a division by zero.",
"id": "GHSA-hmwc-5f9q-3986",
"modified": "2022-05-14T01:44:34Z",
"published": "2022-05-14T01:44:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5804"
},
{
"type": "WEB",
"url": "https://github.com/LibRaw/LibRaw/commit/9f26ce37f5be86ea11bfc6831366558650b1f6ff"
},
{
"type": "WEB",
"url": "https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt"
},
{
"type": "WEB",
"url": "https://secuniaresearch.flexerasoftware.com/advisories/81000"
},
{
"type": "WEB",
"url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HP4C-X6R7-6555
Vulnerability from github – Published: 2021-08-25 14:44 – Updated: 2024-11-13 16:35Impact
The implementation of tf.raw_ops.SparseDenseCwiseDiv is vulnerable to a division by 0 error:
import tensorflow as tf
import numpy as np
tf.raw_ops.SparseDenseCwiseDiv(
sp_indices=np.array([[4]]),
sp_values=np.array([-400]),
sp_shape=np.array([647.]),
dense=np.array([0]))
The implementation uses a common class for all binary operations but fails to treat the division by 0 case separately.
Patches
We have patched the issue in GitHub commit d9204be9f49520cdaaeb2541d1dc5187b23f31d9.
The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by members of the Aivul Team from Qihoo 360.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.3.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.5.0"
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.3.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.5.0"
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.3.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.5.0"
]
}
],
"aliases": [
"CVE-2021-37636"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-23T17:57:14Z",
"nvd_published_at": "2021-08-12T18:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\nThe implementation of `tf.raw_ops.SparseDenseCwiseDiv` is vulnerable to a division by 0 error:\n\n```python\nimport tensorflow as tf\nimport numpy as np\n\ntf.raw_ops.SparseDenseCwiseDiv( \n sp_indices=np.array([[4]]),\n sp_values=np.array([-400]),\n sp_shape=np.array([647.]),\n dense=np.array([0]))\n```\n\nThe [implementation](https://github.com/tensorflow/tensorflow/blob/a1bc56203f21a5a4995311825ffaba7a670d7747/tensorflow/core/kernels/sparse_dense_binary_op_shared.cc#L56) uses a common class for all binary operations but fails to treat the division by 0 case separately.\n\n### Patches\nWe have patched the issue in GitHub commit [d9204be9f49520cdaaeb2541d1dc5187b23f31d9](https://github.com/tensorflow/tensorflow/commit/d9204be9f49520cdaaeb2541d1dc5187b23f31d9).\n\nThe fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by members of the Aivul Team from Qihoo 360.",
"id": "GHSA-hp4c-x6r7-6555",
"modified": "2024-11-13T16:35:32Z",
"published": "2021-08-25T14:44:14Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hp4c-x6r7-6555"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37636"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/d9204be9f49520cdaaeb2541d1dc5187b23f31d9"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-549.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-747.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-258.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/tensorflow/tensorflow"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Floating point exception in `SparseDenseCwiseDiv`"
}
GHSA-HPQQ-HRXQ-VC4X
Vulnerability from github – Published: 2025-06-20 21:32 – Updated: 2025-06-26 18:31An issue in redoxOS kernel before commit 5d41cd7c allows a local attacker to cause a denial of service via the setitimer syscall
{
"affected": [],
"aliases": [
"CVE-2025-46158"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-20T18:15:28Z",
"severity": "MODERATE"
},
"details": "An issue in redoxOS kernel before commit 5d41cd7c allows a local attacker to cause a denial of service via the `setitimer` syscall",
"id": "GHSA-hpqq-hrxq-vc4x",
"modified": "2025-06-26T18:31:24Z",
"published": "2025-06-20T21:32:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46158"
},
{
"type": "WEB",
"url": "https://github.com/Marsman1996/pocs/tree/master/redox/CVE-2025-46158"
},
{
"type": "WEB",
"url": "https://gitlab.redox-os.org/redox-os/kernel/-/issues/164"
},
{
"type": "WEB",
"url": "https://gitlab.redox-os.org/redox-os/kernel/-/merge_requests/386"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HV6G-HV36-GG9F
Vulnerability from github – Published: 2023-08-22 21:30 – Updated: 2024-04-04 07:06An issue was discovered with ImageMagick 7.1.0-4 via Division by zero in function ReadEnhMetaFile of coders/emf.c.
{
"affected": [],
"aliases": [
"CVE-2021-40211"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-22T19:16:21Z",
"severity": "HIGH"
},
"details": "An issue was discovered with ImageMagick 7.1.0-4 via Division by zero in function ReadEnhMetaFile of coders/emf.c.",
"id": "GHSA-hv6g-hv36-gg9f",
"modified": "2024-04-04T07:06:45Z",
"published": "2023-08-22T21:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40211"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/issues/4097"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HW8P-X386-RR5F
Vulnerability from github – Published: 2024-05-19 12:30 – Updated: 2026-05-12 12:31In the Linux kernel, the following vulnerability has been resolved:
fbmon: prevent division by zero in fb_videomode_from_videomode()
The expression htotal * vtotal can have a zero value on overflow. It is necessary to prevent division by zero like in fb_var_to_videomode().
Found by Linux Verification Center (linuxtesting.org) with Svace.
{
"affected": [],
"aliases": [
"CVE-2024-35922"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-19T11:15:48Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbmon: prevent division by zero in fb_videomode_from_videomode()\n\nThe expression htotal * vtotal can have a zero value on\noverflow. It is necessary to prevent division by zero like in\nfb_var_to_videomode().\n\nFound by Linux Verification Center (linuxtesting.org) with Svace.",
"id": "GHSA-hw8p-x386-rr5f",
"modified": "2026-05-12T12:31:49Z",
"published": "2024-05-19T12:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35922"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1b107d637fed68a787da77a3514ad06e57abd0b4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1fb52bc1de55e9e0bdf71fe078efd4da0889710f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3d4b909704bf2114f64f87363fa22b5ef8ac4a33"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/48d6bcfc31751ca2e753d901a2d82f27edf8a029"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/664206ff8b019bcd1e55b10b2eea3add8761b971"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/72d091b7515e0532ee015e144c906f3bcfdd6270"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/951838fee462aa01fa2a6a91d56f9a495082e7f0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c2d953276b8b27459baed1277a4fdd5dd9bd4126"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HXCJ-JVXX-W9VP
Vulnerability from github – Published: 2022-05-14 00:57 – Updated: 2022-05-14 00:57An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpMod case.
{
"affected": [],
"aliases": [
"CVE-2019-10023"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-03-25T00:29:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpMod case.",
"id": "GHSA-hxcj-jvxx-w9vp",
"modified": "2022-05-14T00:57:27Z",
"published": "2022-05-14T00:57:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10023"
},
{
"type": "WEB",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41276"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4042-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HXFW-JM98-V4MQ
Vulnerability from github – Published: 2021-10-12 22:21 – Updated: 2021-11-18 15:27An issue was discovered in OpenCV 4.1.0 (OpenCV-Python 4.1.0.25). There is a divide-by-zero error in cv::HOGDescriptor::getDescriptorSize in modules/objdetect/src/hog.cpp.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.1.0.25"
},
"package": {
"ecosystem": "PyPI",
"name": "opencv-python"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.1.1.26"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.1.0.25"
},
"package": {
"ecosystem": "PyPI",
"name": "opencv-python-headless"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.1.1.26"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.1.0.25"
},
"package": {
"ecosystem": "PyPI",
"name": "opencv-contrib-python"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.1.1.26"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.1.0.25"
},
"package": {
"ecosystem": "PyPI",
"name": "opencv-contrib-python-headless"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.1.1.26"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-15939"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": true,
"github_reviewed_at": "2021-10-06T20:35:29Z",
"nvd_published_at": "2019-09-05T16:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in OpenCV 4.1.0 (OpenCV-Python 4.1.0.25). There is a divide-by-zero error in cv::HOGDescriptor::getDescriptorSize in modules/objdetect/src/hog.cpp.",
"id": "GHSA-hxfw-jm98-v4mq",
"modified": "2021-11-18T15:27:49Z",
"published": "2021-10-12T22:21:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15939"
},
{
"type": "WEB",
"url": "https://github.com/OpenCV/opencv/issues/15287"
},
{
"type": "WEB",
"url": "https://github.com/opencv/opencv/pull/15382"
},
{
"type": "PACKAGE",
"url": "https://github.com/opencv/opencv-python"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00025.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Divide By Zero in OpenCV."
}
GHSA-J49C-JWHF-PGWQ
Vulnerability from github – Published: 2023-05-31 00:31 – Updated: 2024-04-04 04:24Fox-IT DataDiode (aka Fox DataDiode) 3.4.3 suffers from a Divide-by-Zero vulnerability in the packet parser. A remote attacker could leverage this vulnerability to cause a denial-of-service. Exploitation of this issue does not require user interaction.
{
"affected": [],
"aliases": [
"CVE-2022-47525"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-31T00:15:09Z",
"severity": "HIGH"
},
"details": "Fox-IT DataDiode (aka Fox DataDiode) 3.4.3 suffers from a Divide-by-Zero vulnerability in the packet parser. A remote attacker could leverage this vulnerability to cause a denial-of-service. Exploitation of this issue does not require user interaction.",
"id": "GHSA-j49c-jwhf-pgwq",
"modified": "2024-04-04T04:24:29Z",
"published": "2023-05-31T00:31:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47525"
},
{
"type": "WEB",
"url": "https://www.fox-it.com/nl-en/fox-crypto/fox-datadiode"
},
{
"type": "WEB",
"url": "https://www.fox-it.com/nl-en/software-vulnerability-report"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J7RM-8WW4-XX2G
Vulnerability from github – Published: 2021-05-21 14:26 – Updated: 2024-11-13 16:01Impact
The Prepare step of the SpaceToDepth TFLite operator does not check for 0 before division.
const int block_size = params->block_size;
const int input_height = input->dims->data[1];
const int input_width = input->dims->data[2];
int output_height = input_height / block_size;
int output_width = input_width / block_size;
An attacker can craft a model such that params->block_size would be zero.
Patches
We have patched the issue in GitHub commit 0d45ea1ca641b21b73bcf9c00e0179cda284e7e7.
The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by members of the Aivul Team from Qihoo 360.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-29587"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": true,
"github_reviewed_at": "2021-05-18T17:02:05Z",
"nvd_published_at": "2021-05-14T20:15:00Z",
"severity": "LOW"
},
"details": "### Impact\nThe `Prepare` step of the `SpaceToDepth` TFLite operator [does not check for 0 before division](https://github.com/tensorflow/tensorflow/blob/5f7975d09eac0f10ed8a17dbb6f5964977725adc/tensorflow/lite/kernels/space_to_depth.cc#L63-L67).\n\n```cc \nconst int block_size = params-\u003eblock_size;\nconst int input_height = input-\u003edims-\u003edata[1];\nconst int input_width = input-\u003edims-\u003edata[2];\nint output_height = input_height / block_size;\nint output_width = input_width / block_size;\n``` \n\nAn attacker can craft a model such that `params-\u003eblock_size` would be zero.\n\n### Patches\nWe have patched the issue in GitHub commit [0d45ea1ca641b21b73bcf9c00e0179cda284e7e7](https://github.com/tensorflow/tensorflow/commit/0d45ea1ca641b21b73bcf9c00e0179cda284e7e7).\n\nThe fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by members of the Aivul Team from Qihoo 360.",
"id": "GHSA-j7rm-8ww4-xx2g",
"modified": "2024-11-13T16:01:42Z",
"published": "2021-05-21T14:26:45Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j7rm-8ww4-xx2g"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29587"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/0d45ea1ca641b21b73bcf9c00e0179cda284e7e7"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-515.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-713.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-224.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/tensorflow/tensorflow"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/blob/5f7975d09eac0f10ed8a17dbb6f5964977725adc/tensorflow/lite/kernels/space_to_depth.cc#L63-L67"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Division by zero in TFLite\u0027s implementation of `SpaceToDepth`"
}
GHSA-J8QC-5FQR-52FP
Vulnerability from github – Published: 2021-05-21 14:22 – Updated: 2024-10-30 23:26Impact
An attacker can cause a division by zero to occur in Conv2DBackpropFilter:
import tensorflow as tf
input_tensor = tf.constant([], shape=[0, 0, 0, 0], dtype=tf.float32)
filter_sizes = tf.constant([0, 0, 0, 0], shape=[4], dtype=tf.int32)
out_backprop = tf.constant([], shape=[0, 0, 0, 0], dtype=tf.float32)
tf.raw_ops.Conv2DBackpropFilter(
input=input_tensor,
filter_sizes=filter_sizes,
out_backprop=out_backprop,
strides=[1, 1, 1, 1],
use_cudnn_on_gpu=False,
padding='SAME',
explicit_paddings=[],
data_format='NHWC',
dilations=[1, 1, 1, 1]
)
This is because the implementation computes a divisor based on user provided data (i.e., the shape of the tensors given as arguments):
const size_t size_A = output_image_size * filter_total_size;
const size_t size_B = output_image_size * dims.out_depth;
const size_t size_C = filter_total_size * dims.out_depth;
const size_t work_unit_size = size_A + size_B + size_C;
const size_t shard_size = (target_working_set_size + work_unit_size - 1) / work_unit_size;
If all shapes are empty then work_unit_size is 0. Since there is no check for this case before division, this results in a runtime exception, with potential to be abused for a denial of service.
Patches
We have patched the issue in GitHub commit c570e2ecfc822941335ad48f6e10df4e21f11c96.
The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Yakun Zhang and Ying Wang of Baidu X-Team.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-29538"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": true,
"github_reviewed_at": "2021-05-18T22:30:42Z",
"nvd_published_at": "2021-05-14T20:15:00Z",
"severity": "LOW"
},
"details": "### Impact\nAn attacker can cause a division by zero to occur in `Conv2DBackpropFilter`:\n\n```python\nimport tensorflow as tf\n\ninput_tensor = tf.constant([], shape=[0, 0, 0, 0], dtype=tf.float32)\nfilter_sizes = tf.constant([0, 0, 0, 0], shape=[4], dtype=tf.int32)\nout_backprop = tf.constant([], shape=[0, 0, 0, 0], dtype=tf.float32)\n\ntf.raw_ops.Conv2DBackpropFilter(\n input=input_tensor,\n filter_sizes=filter_sizes,\n out_backprop=out_backprop,\n strides=[1, 1, 1, 1],\n use_cudnn_on_gpu=False,\n padding=\u0027SAME\u0027,\n explicit_paddings=[],\n data_format=\u0027NHWC\u0027,\n dilations=[1, 1, 1, 1]\n)\n```\n\nThis is because the [implementation](https://github.com/tensorflow/tensorflow/blob/1b0296c3b8dd9bd948f924aa8cd62f87dbb7c3da/tensorflow/core/kernels/conv_grad_filter_ops.cc#L513-L522) computes a divisor based on user provided data (i.e., the shape of the tensors given as arguments):\n\n```cc\nconst size_t size_A = output_image_size * filter_total_size; \nconst size_t size_B = output_image_size * dims.out_depth;\nconst size_t size_C = filter_total_size * dims.out_depth;\nconst size_t work_unit_size = size_A + size_B + size_C;\nconst size_t shard_size = (target_working_set_size + work_unit_size - 1) / work_unit_size;\n```\n\nIf all shapes are empty then `work_unit_size` is 0. Since there is no check for this case before division, this results in a runtime exception, with potential to be abused for a denial of service. \n\n### Patches\nWe have patched the issue in GitHub commit [c570e2ecfc822941335ad48f6e10df4e21f11c96](https://github.com/tensorflow/tensorflow/commit/c570e2ecfc822941335ad48f6e10df4e21f11c96).\n\nThe fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n \n### Attribution\nThis vulnerability has been reported by Yakun Zhang and Ying Wang of Baidu X-Team.",
"id": "GHSA-j8qc-5fqr-52fp",
"modified": "2024-10-30T23:26:36Z",
"published": "2021-05-21T14:22:38Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j8qc-5fqr-52fp"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29538"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/c570e2ecfc822941335ad48f6e10df4e21f11c96"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-466.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-664.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-175.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/tensorflow/tensorflow"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Division by zero in `Conv2DBackpropFilter`"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.