CVE-2021-29528

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.0 TensorFlow versions 2.4.2 and earlier TensorFlow versions 2.3.3 and earlier TensorFlow versions 2.2.3 and earlier TensorFlow versions 2.1.4 and earlier

Description: An attacker can trigger a division by 0 in tf.raw ops.QuantizedMul. This is because the implementation does a division by a quantity that is controlled by the caller. The issue can be exploited by passing specific values to the tf.raw ops.QuantizedMul function, such as empty tensors or tensors with specific values.

Recommendations: For TensorFlow versions prior to 2.5.0, update to TensorFlow 2.5.0 or later. For TensorFlow versions 2.4.2 and earlier, update to TensorFlow 2.4.2 or later. For TensorFlow versions 2.3.3 and earlier, update to TensorFlow 2.3.3 or later. For TensorFlow versions 2.2.3 and earlier, update to TensorFlow 2.2.3 or later. For TensorFlow versions 2.1.4 and earlier, update to TensorFlow 2.1.4 or later. As a temporary workaround, consider avoiding the use of the tf.raw ops.QuantizedMul function until a patch is available.