CVE-2021-29526

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.0 TensorFlow versions 2.4.2 and earlier TensorFlow versions 2.3.3 and earlier TensorFlow versions 2.2.3 and earlier TensorFlow versions 2.1.4 and earlier

Description: An attacker can trigger a division by 0 in tf.raw ops.Conv2D because the implementation does a division by a quantity that is controlled by the caller. This issue can be exploited by providing a specially crafted input to the tf.raw ops.Conv2D function, which can cause a division by zero error.

Recommendations: For TensorFlow versions prior to 2.5.0, update to version 2.5.0 or later to resolve the issue. For TensorFlow versions 2.4.2 and earlier, update to version 2.4.2 or later to resolve the issue. For TensorFlow versions 2.3.3 and earlier, update to version 2.3.3 or later to resolve the issue. For TensorFlow versions 2.2.3 and earlier, update to version 2.2.3 or later to resolve the issue. For TensorFlow versions 2.1.4 and earlier, update to version 2.1.4 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the tf.raw ops.Conv2D function with untrusted input until a patch is available.