
CVE-2021-29588: Division by zero in TFLite's implementation of `TransposeConv`

CVSS Score (v3.1): 2.5

Basic Information

EPSS Score: 0.0254%
Published: 5/21/2021
Updated: 11/1/2024
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| tensorflow | pip | < 2.1.4 | 2.1.4 |
| tensorflow | pip | >= 2.2.0, < 2.2.3 | 2.2.3 |
| tensorflow | pip | >= 2.3.0, < 2.3.3 | 2.3.3 |
| tensorflow | pip | >= 2.4.0, < 2.4.2 | 2.4.2 |
| tensorflow-cpu | pip | < 2.1.4 | 2.1.4 |
| tensorflow-cpu | pip | >= 2.2.0, < 2.2.3 | 2.2.3 |
| tensorflow-cpu | pip | >= 2.3.0, < 2.3.3 | 2.3.3 |
| tensorflow-cpu | pip | >= 2.4.0, < 2.4.2 | 2.4.2 |
| tensorflow-gpu | pip | < 2.1.4 | 2.1.4 |
| tensorflow-gpu | pip | >= 2.2.0, < 2.2.3 | 2.2.3 |
| tensorflow-gpu | pip | >= 2.3.0, < 2.3.3 | 2.3.3 |
| tensorflow-gpu | pip | >= 2.4.0, < 2.4.2 | 2.4.2 |

Vulnerability Intelligence
Root Cause Analysis

The vulnerability stems directly from unvalidated divisions by `stride_h` and `stride_w` in the `TransposeConv` operator's optimized implementation. The code snippet shows raw division operations (`(height + pad_t + pad_b - filter_h) / stride_h`) without prior validation of the stride values. The subsequent patch added validation checks in `transpose_conv.cc`, confirming that the vulnerable calculation logic lives in `optimized_ops.h`. Though the exact function name isn't explicitly stated, the line numbers and context indicate this is part of the `TransposeConv` operator's implementation.


### Impact

The optimized implementation of the `TransposeConv` TFLite operator is vulnerable to a division by zero error (the original links to the affected source file in the tensorflow/tensorflow repository; the link is truncated in this copy at `tensorflow/lite/kernels/internal/optimiz`).
