
CVE-2021-29604: Division by zero in TFLite's implementation of hashtable lookup

CVSS Score: 2.5 (CVSS v3.1)

Basic Information

EPSS Score: 0.01803%
Published: 5/21/2021
Updated: 11/13/2024
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| tensorflow | pip | < 2.1.4 | 2.1.4 |
| tensorflow | pip | >= 2.2.0, < 2.2.3 | 2.2.3 |
| tensorflow | pip | >= 2.3.0, < 2.3.3 | 2.3.3 |
| tensorflow | pip | >= 2.4.0, < 2.4.2 | 2.4.2 |
| tensorflow-cpu | pip | < 2.1.4 | 2.1.4 |
| tensorflow-cpu | pip | >= 2.2.0, < 2.2.3 | 2.2.3 |
| tensorflow-cpu | pip | >= 2.3.0, < 2.3.3 | 2.3.3 |
| tensorflow-cpu | pip | >= 2.4.0, < 2.4.2 | 2.4.2 |
| tensorflow-gpu | pip | < 2.1.4 | 2.1.4 |
| tensorflow-gpu | pip | >= 2.2.0, < 2.2.3 | 2.2.3 |
| tensorflow-gpu | pip | >= 2.3.0, < 2.3.3 | 2.3.3 |
| tensorflow-gpu | pip | >= 2.4.0, < 2.4.2 | 2.4.2 |

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability stems directly from lines 114-115 in hashtable_lookup.cc where row_bytes is calculated as value->bytes divided by num_rows. The Eval function is the only location shown in the provided code/diffs where this unsafe division occurs. The patch adds a TF_LITE_ENSURE check specifically in this function to validate num_rows != 0, confirming this as the vulnerable location. No other functions in the call chain (e.g., SizeOfDimension, GetInputSafe) are implicated in the division operation itself.
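To make the root-cause description concrete, the following is an added C example (not TFLite's own code) that models the unguarded row_bytes computation next to the form with the TF_LITE_ENSURE check, and a lookup built on the guarded version that stops before any division when the value tensor has zero rows. The ValueTensor stand-in, the status enum, the linear key search and the sample table are assumptions of this example, not TFLite's real definitions.

```c
#include <stdint.h>
#include <string.h>
/* Stand-ins for the TFLite pieces the kernel touches (assumed here, not TFLite's own headers). */
typedef enum { kTfLiteOk = 0, kTfLiteError = 1 } TfLiteStatus;
typedef struct { int num_rows; size_t bytes; const uint8_t *data; } ValueTensor;
/* Mimics TF_LITE_ENSURE: leave the kernel with kTfLiteError instead of continuing. */
#define TF_LITE_ENSURE(cond) do { if (!(cond)) return kTfLiteError; } while (0)

/* Vulnerable form: row_bytes = value->bytes / num_rows with no guard. A value tensor whose
   first dimension is 0 makes this a division by zero: undefined behaviour, in practice a crash. */
TfLiteStatus row_bytes_unchecked(const ValueTensor *value, size_t *row_bytes) {
  *row_bytes = value->bytes / value->num_rows; /* undefined behaviour when num_rows == 0 */
  return kTfLiteOk;
}
/* Patched form: reject a zero-row value tensor before dividing, as the fix does with TF_LITE_ENSURE. */
TfLiteStatus row_bytes_checked(const ValueTensor *value, size_t *row_bytes) {
  TF_LITE_ENSURE(value->num_rows != 0);        /* the fix: validate num_rows before the division */
  *row_bytes = value->bytes / value->num_rows;
  return kTfLiteOk;
}

/* Lookup built on the guarded row size: copy the matching row of `value` into `out` for each
   key, zero-fill and clear the hit flag on a miss. Linear key scan is a simplification (assumed). */
TfLiteStatus hashtable_lookup_checked(const int32_t *lookup, int n, const int32_t *table_keys,
                                      const ValueTensor *value, uint8_t *out, uint8_t *hits) {
  size_t row_bytes;
  TfLiteStatus st = row_bytes_checked(value, &row_bytes);
  if (st != kTfLiteOk) return st;              /* the 0-row case stops here, before any division */
  for (int i = 0; i < n; ++i) {
    int idx = -1;
    for (int j = 0; j < value->num_rows && idx < 0; ++j) if (table_keys[j] == lookup[i]) idx = j;
    if (idx >= 0) memcpy(out + i * row_bytes, value->data + idx * row_bytes, row_bytes);
    else memset(out + i * row_bytes, 0, row_bytes);
    hits[i] = (uint8_t)(idx >= 0);
  }
  return kTfLiteOk;
}

/* Constructed sample: a 2-row table of 3-byte values, and the 0-row table that triggers the bug. */
static const int32_t kKeys[2] = {7, 42};
static const uint8_t kData[6] = {1, 2, 3, 4, 5, 6};
static const ValueTensor kTable = {2, sizeof kData, kData}, kEmpty = {0, 0, NULL};
TfLiteStatus demo_empty_table(void) {  /* returns kTfLiteError: rejected, no division happens */
  uint8_t out[1], hits[1]; return hashtable_lookup_checked(kKeys, 1, kKeys, &kEmpty, out, hits);
}
int demo_lookup(void) {  /* returns 1: key 42 yields row {4,5,6} with a hit; key 9 misses, zeroed */
  const int32_t lookup[2] = {42, 9}; uint8_t out[6], hits[2];
  const uint8_t expect[6] = {4, 5, 6, 0, 0, 0};
  if (hashtable_lookup_checked(lookup, 2, kKeys, &kTable, out, hits) != kTfLiteOk) return 0;
  return memcmp(out, expect, 6) == 0 && hits[0] == 1 && hits[1] == 0;
}
```

Only the guarded path is exercised on the zero-row table; calling row_bytes_unchecked on it would reproduce the crash rather than demonstrate the fix.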


Impact

The TFLite implementation of hashtable lookup is vulnerable to a division by zero error (tensorflow/lite/kernels/hashtable_lookup.cc).
