
CVE-2021-29526: Division by 0 in `Conv2D`

CVSS Score: 2.5 (CVSS 3.1)

Basic Information

EPSS Score: 0.02005%
Published: 5/21/2021
Updated: 10/30/2024
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| tensorflow | pip | < 2.1.4 | 2.1.4 |
| tensorflow | pip | >= 2.2.0, < 2.2.3 | 2.2.3 |
| tensorflow | pip | >= 2.3.0, < 2.3.3 | 2.3.3 |
| tensorflow | pip | >= 2.4.0, < 2.4.2 | 2.4.2 |
| tensorflow-cpu | pip | < 2.1.4 | 2.1.4 |
| tensorflow-cpu | pip | >= 2.2.0, < 2.2.3 | 2.2.3 |
| tensorflow-cpu | pip | >= 2.3.0, < 2.3.3 | 2.3.3 |
| tensorflow-cpu | pip | >= 2.4.0, < 2.4.2 | 2.4.2 |
| tensorflow-gpu | pip | < 2.1.4 | 2.1.4 |
| tensorflow-gpu | pip | >= 2.2.0, < 2.2.3 | 2.2.3 |
| tensorflow-gpu | pip | >= 2.3.0, < 2.3.3 | 2.3.3 |
| tensorflow-gpu | pip | >= 2.4.0, < 2.4.2 | 2.4.2 |

Vulnerability Intelligence
Root Cause Analysis

The analysis is based on the provided GitHub commit patch, focusing on the changes made to `conv_ops.cc`. The modifications indicate that the original code was vulnerable to division by zero because it did not check `patch_depth` and `num_groups`. The added checks mitigate this vulnerability.
