Miggo Logo

CVE-2022-21725: Division by zero in Tensorflow

6.5

CVSS Score
3.1

Basic Information

EPSS Score
0.43492%
Published
2/10/2022
Updated
11/13/2024
KEV Status
No
Technology
TechnologyPython

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
tensorflowpip< 2.5.32.5.3
tensorflowpip>= 2.6.0, < 2.6.32.6.3
tensorflowpip= 2.7.02.7.1
tensorflow-cpupip< 2.5.32.5.3
tensorflow-cpupip>= 2.6.0, < 2.6.32.6.3
tensorflow-cpupip= 2.7.02.7.1
tensorflow-gpupip< 2.5.32.5.3
tensorflow-gpupip>= 2.6.0, < 2.6.32.6.3
tensorflow-gpupip= 2.7.02.7.1

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems directly from GetOutputSize's lack of stride validation. The function computes output dimensions using (input - filter + stride)/stride (VALID padding) or (input + stride - 1)/stride (SAME padding), both of which divide by 'stride'. The provided Python reproducer triggers this by passing stride=0, and the CVE description explicitly states the missing stride check in this function. The commit patching the issue adds validation in the caller (OpDimensionsFromInputs), but the root vulnerability resides in GetOutputSize's unsafe division.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Imp**t T** [*stim*tor *or t** *ost o* som* *onvolution op*r*tions](*ttps://*it*u*.*om/t*nsor*low/t*nsor*low/*lo*/****************************************/t*nsor*low/*or*/*r*ppl*r/*osts/op_l*v*l_*ost_*stim*tor.**#L***-L***) **n ** m*** to *x**ut*

Reasoning

T** vuln*r**ility st*ms *ir**tly *rom `**tOutputSiz*`'s l**k o* stri** v*li**tion. T** `*un*tion` *omput*s output *im*nsions usin* (input - *ilt*r + stri**)/stri** (V*LI* p***in*) or (input + stri** - *)/stri** (S*M* p***in*), *ot* o* w*i** *ivi** *y