CVE-2021-29597

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.5.0 TensorFlow versions 2.4.2, 2.3.3, 2.2.3, and 2.1.4 are also affected

Description The implementation of the SpaceToBatchNd TFLite operator is vulnerable to a division by zero error. An attacker can craft a model such that one dimension of the block input is 0, resulting in a corresponding value of 0 in block shape. This can lead to a division by zero error in the TF LITE ENSURE EQ function.

Recommendations For TensorFlow versions prior to 2.5.0, update to version 2.5.0 or later to resolve the issue. For TensorFlow version 2.4.2, update to a newer version that includes the fix, such as 2.5.0. For TensorFlow version 2.3.3, update to a newer version that includes the fix, such as 2.5.0. For TensorFlow version 2.2.3, update to a newer version that includes the fix, such as 2.5.0. For TensorFlow version 2.1.4, update to a newer version that includes the fix, such as 2.5.0. As a temporary workaround, consider restricting the use of the SpaceToBatchNd TFLite operator until a patch is available.