PT-2021-21755 · Google · Tensorflow

Published 2021-08-12 · Updated 2024-03-06 · CVE-2021-37640

CVSS v4.0: 5.7 Medium

Vector: AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

TensorFlow versions prior to 2.6.0
TensorFlow version 2.5.1

Description

The implementation of tf.raw_ops.SparseReshape can be made to trigger an integral division by 0 exception. This occurs because the implementation calls the reshaping functor whenever there is at least one index in the input, but does not check that the input shape and the target shape both have a non-zero number of elements. The reshape functor blindly divides by the dimensions of the target shape, resulting in a division by 0 if this is not checked.

Recommendations

For TensorFlow versions prior to 2.6.0, update to version 2.6.0 or later to resolve the issue. For TensorFlow version 2.5.1, apply the patch from GitHub commit 4923de56ec94fff7770df259ab7f2288a74feb41 to resolve the issue. As a temporary workaround, consider avoiding the use of tf.raw_ops.SparseReshape with input shapes that may result in a division by 0.
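
The missing check described above, as an added example (not TensorFlow's code and not part of the original advisory): a pure-Python model of the index remapping, with the unchecked form beside one that validates element counts first and can serve as a pre-call guard for the workaround. Function names and sample shapes are constructed, and `-1` inference in the target shape is not modeled; in Python the fault surfaces as `ZeroDivisionError` rather than a native integer division exception.

```python
from math import prod

def _strides(shape):
    # Row-major strides: stride[j] = product of the dimensions after j.
    s = [1] * len(shape)
    for j in range(len(shape) - 2, -1, -1):
        s[j] = s[j + 1] * shape[j + 1]
    return s

def remap_unchecked(indices, input_shape, target_shape):
    """Model of the flawed path: runs whenever there is at least one index."""
    in_s, out_s = _strides(input_shape), _strides(target_shape)
    out = []
    for idx in indices:
        linear = sum(i * s for i, s in zip(idx, in_s))
        row = []
        for s in out_s:
            row.append(linear // s)  # s is 0 when a later target dim is 0
            linear %= s
        out.append(row)
    return out

def remap_checked(indices, input_shape, target_shape):
    """Same remap with the element-count check applied first."""
    if any(d < 0 for d in (*input_shape, *target_shape)):
        raise ValueError("negative dimension; -1 inference is not modeled")
    n_in, n_out = prod(input_shape), prod(target_shape)
    if indices and (n_in == 0 or n_out == 0):
        raise ValueError("indices present but a shape has zero elements")
    if n_in != n_out:
        raise ValueError("input and target shapes differ in element count")
    return remap_unchecked(indices, input_shape, target_shape)

if __name__ == "__main__":
    # Constructed inputs: a valid 2x3 -> 3x2 reshape, then a zero-element target.
    print(remap_checked([[0, 1], [1, 2]], [2, 3], [3, 2]))
    try:
        remap_checked([[0, 0]], [1, 0], [1, 0])
    except ValueError as e:
        print("rejected:", e)
```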

Fix

Divide By Zero

Weakness Enumeration

Related Identifiers

BIT-TENSORFLOW-2021-37640
CVE-2021-37640
GHSA-95XM-G58G-3P88
OPENSUSE-SU-2022:10014-1
OPENSUSE-SU-2024:12116-1
PYSEC-2021-262
PYSEC-2021-553
PYSEC-2021-751

Affected Products

Tensorflow