
CVE-2021-29556: Division by 0 in `Reverse`

CVSS Score (v3.1): 2.5

Basic Information

EPSS Score: 0.01803%
Published: 5/21/2021
Updated: 10/31/2024
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| tensorflow | pip | < 2.1.4 | 2.1.4 |
| tensorflow | pip | >= 2.2.0, < 2.2.3 | 2.2.3 |
| tensorflow | pip | >= 2.3.0, < 2.3.3 | 2.3.3 |
| tensorflow | pip | >= 2.4.0, < 2.4.2 | 2.4.2 |
| tensorflow-cpu | pip | < 2.1.4 | 2.1.4 |
| tensorflow-cpu | pip | >= 2.2.0, < 2.2.3 | 2.2.3 |
| tensorflow-cpu | pip | >= 2.3.0, < 2.3.3 | 2.3.3 |
| tensorflow-cpu | pip | >= 2.4.0, < 2.4.2 | 2.4.2 |
| tensorflow-gpu | pip | < 2.1.4 | 2.1.4 |
| tensorflow-gpu | pip | >= 2.2.0, < 2.2.3 | 2.2.3 |
| tensorflow-gpu | pip | >= 2.3.0, < 2.3.3 | 2.3.3 |
| tensorflow-gpu | pip | >= 2.4.0, < 2.4.2 | 2.4.2 |
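
The following is an added example, not part of the advisory or of TensorFlow: a dependency check that tests a version string, or the locally installed packages, against the affected ranges in the table above. The function names are hypothetical, and counting pre-releases of a range's lower bound as affected is a conservative assumption.

```python
import re
from importlib import metadata

# Package names and ranges copied from the advisory table above.
PACKAGES = ("tensorflow", "tensorflow-cpu", "tensorflow-gpu")
# (inclusive lower bound or None, first patched version); same for all three packages.
AFFECTED = [(None, "2.1.4"), ("2.2.0", "2.2.3"), ("2.3.0", "2.3.3"), ("2.4.0", "2.4.2")]

_VER = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(.*)$")


def _key(version):
    """Return (major, minor, patch, final); final is 0 for a/b/rc/dev builds."""
    m = _VER.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    major, minor, patch, suffix = m.groups()
    pre = re.match(r"[.\-_]?(a|b|rc|dev)", suffix, re.I)
    return (int(major), int(minor), int(patch or 0), 0 if pre else 1)


def first_patched(version):
    """Return the first patched version if `version` is affected, else None."""
    v = _key(version)
    for low, fixed in AFFECTED:
        # Assumption (conservative): pre-releases of the lower bound count as in range.
        lo = _key(low)[:3] + (0,) if low else (0, 0, 0, 0)
        # A pre-release of the patched version sorts before it, so it is still affected.
        if lo <= v < _key(fixed):
            return fixed
    return None


def installed_findings():
    """Map each installed package from the table to (version, first patched or None)."""
    found = {}
    for name in PACKAGES:
        try:
            ver = metadata.version(name)
        except metadata.PackageNotFoundError:
            continue  # package not installed in this environment
        found[name] = (ver, first_patched(ver))
    return found


if __name__ == "__main__":
    for name, (ver, fixed) in installed_findings().items():
        status = f"affected, upgrade to >= {fixed}" if fixed else "not in an affected range"
        print(f"{name} {ver}: {status}")
```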

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability stems directly from the unvalidated use of `input.dim_size(0)` in a division operation within the `Compute` method of `ReverseOp`. The patch adds validation for `input.dim_size(0)` in this exact function, confirming that this is the vulnerable location. The code structure and the commit diff both show that the vulnerable division occurs in this function's implementation.


Impact

An attacker can cause a denial of service via a FPE runtime error in `tf.raw_ops.Reverse`.
