Miggo Logo

CVE-2021-29600: Division by zero in TFLite's implementation of `OneHot`

2.5

CVSS Score
3.1

Basic Information

EPSS Score
0.0254%
Published
5/21/2021
Updated
11/13/2024
KEV Status
No
Technology
TechnologyPython

Technical Details

CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
Package NameEcosystemVulnerable VersionsFirst Patched Version
tensorflowpip< 2.1.42.1.4
tensorflowpip>= 2.2.0, < 2.2.32.2.3
tensorflowpip>= 2.3.0, < 2.3.32.3.3
tensorflowpip>= 2.4.0, < 2.4.22.4.2
tensorflow-cpupip< 2.1.42.1.4
tensorflow-cpupip>= 2.2.0, < 2.2.32.2.3
tensorflow-cpupip>= 2.3.0, < 2.3.32.3.3
tensorflow-cpupip>= 2.4.0, < 2.4.22.4.2
tensorflow-gpupip< 2.1.42.1.4
tensorflow-gpupip>= 2.2.0, < 2.2.32.2.3
tensorflow-gpupip>= 2.3.0, < 2.3.32.3.3
tensorflow-gpupip>= 2.4.0, < 2.4.22.4.2

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems directly from the calculation logic in OneHotComputeImpl where prefix_dim_size is computed through multiplication of tensor dimensions. The code explicitly performs division using this value without validation (CWE-369). The patch adds a guard clause checking if prefix_dim_size == 0, confirming this function as the vulnerable location. The file path and function name are explicitly referenced in both the vulnerability description and commit diff.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Imp**t T** impl*m*nt*tion o* t** `On**ot` T*Lit* op*r*tor is [vuln*r**l* to * *ivision *y z*ro *rror](*ttps://*it*u*.*om/t*nsor*low/t*nsor*low/*lo*/****************************************/t*nsor*low/lit*/k*rn*ls/on*_*ot.**#L**-L**): ```** int p

Reasoning

T** vuln*r**ility st*ms *ir**tly *rom t** **l*ul*tion lo*i* in On**ot*omput*Impl w**r* pr**ix_*im_siz* is *omput** t*rou** multipli**tion o* t*nsor *im*nsions. T** *o** *xpli*itly p*r*orms *ivision usin* t*is v*lu* wit*out v*li**tion (*W*-***). T** p