CVE-2021-29550

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.5.0 TensorFlow version 2.4.2 TensorFlow version 2.3.3 TensorFlow version 2.2.3 TensorFlow version 2.1.4

Description An attacker can cause a runtime division by zero error and denial of service in tf.raw ops.FractionalAvgPool. This is because the implementation computes a divisor quantity by dividing two user-controlled values, input size[i] and pooling ratio [i]. If the value in input size[i] is smaller than the pooling ratio [i], then the floor operation results in output size[i] being 0. Later, these computed values are used as arguments to GeneratePoolingSequence, where the first computation is a division in a modulo operation. Since output length can be 0, this results in runtime crashing.

Recommendations For TensorFlow version 2.1.4, update to version 2.1.4 or later after the fix is included. For TensorFlow version 2.2.3, update to version 2.2.3 or later after the fix is included. For TensorFlow version 2.3.3, update to version 2.3.3 or later after the fix is included. For TensorFlow version 2.4.2, update to version 2.4.2 or later after the fix is included. For TensorFlow versions prior to 2.5.0, update to version 2.5.0 or later. As a temporary workaround, consider avoiding the use of tf.raw ops.FractionalAvgPool until a patch is available.