TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a division by zero error in LSH [implementation](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/lsh_projection.cc#L118). We have patched the issue in GitHub commit 0575b640091680cfb70f4dd93e70658de43b94f9. The fix will be included in TensorFlow 2.6.0. We will also cherrypick thiscommit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
References
Link | Resource |
---|---|
https://github.com/tensorflow/tensorflow/commit/0575b640091680cfb70f4dd93e70658de43b94f9 | Patch Third Party Advisory |
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-27qf-jwm8-g7f3 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2021-08-12T22:25:11
Updated: 2021-08-12T22:25:11
Reserved: 2021-07-29T00:00:00
Link: CVE-2021-37691
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-08-12T23:15:08.870
Modified: 2021-08-18T21:53:48.823
Link: CVE-2021-37691
JSON object: View
Redhat Information
No data.
CWE