PT-2021-21757 · Google · Tensorflow

Published 2021-08-12 · Updated 2024-03-06 · CVE-2021-37642

CVSS v4.0: 6.8 (Medium)

Vector: AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

TensorFlow versions prior to 2.6.0
TensorFlow versions 2.5.1 and earlier
TensorFlow versions 2.4.3 and earlier
TensorFlow versions 2.3.4 and earlier

Description

The implementation of tf.raw_ops.ResourceScatterDiv is vulnerable to a division by 0 error. The implementation uses a common class for all binary operations but fails to treat the division by 0 case separately. The issue can be triggered by calling tf.raw_ops.ResourceScatterDiv with specific parameters, such as resource=v.handle, indices=[1], and updates=[0].

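The pattern in the description, one generic kernel shared by all binary scatter operations with no special case for division, is sketched below next to a form that checks the divisor first. This is an added example and not TensorFlow source or the project's patch; `Status`, `ScatterUpdateUnchecked` and `ScatterUpdateChecked` are hypothetical names, and the model assumes integer element types.

```cpp
// Simplified model for illustration; not TensorFlow source. All names are hypothetical.
#include <cstddef>
#include <cstdint>
#include <functional>
#include <iostream>
#include <type_traits>
#include <vector>

enum class Status { kOk, kInvalidArgument };

// "Before": one generic kernel shared by every binary scatter op. With
// Op = std::divides<int32_t> and a 0 in `updates`, it divides by zero.
template <typename T, typename Op>
Status ScatterUpdateUnchecked(std::vector<T>& var, const std::vector<size_t>& indices,
                              const std::vector<T>& updates) {
  if (indices.size() != updates.size()) return Status::kInvalidArgument;
  for (size_t i = 0; i < indices.size(); ++i) {
    if (indices[i] >= var.size()) return Status::kInvalidArgument;
    var[indices[i]] = Op()(var[indices[i]], updates[i]);
  }
  return Status::kOk;
}

// "After": the shared kernel treats division separately. Assumption of this
// model: only integral element types trap, so only those are pre-checked.
template <typename T, typename Op>
Status ScatterUpdateChecked(std::vector<T>& var, const std::vector<size_t>& indices,
                            const std::vector<T>& updates) {
  if (indices.size() != updates.size()) return Status::kInvalidArgument;
  constexpr bool kIsIntDiv =
      std::is_same<Op, std::divides<T>>::value && std::is_integral<T>::value;
  // Validate everything first so a rejected call leaves `var` untouched.
  for (size_t i = 0; i < indices.size(); ++i) {
    if (indices[i] >= var.size()) return Status::kInvalidArgument;
    if (kIsIntDiv && updates[i] == T(0)) return Status::kInvalidArgument;
  }
  for (size_t i = 0; i < indices.size(); ++i)
    var[indices[i]] = Op()(var[indices[i]], updates[i]);
  return Status::kOk;
}

int main() {
  std::vector<int32_t> var{10, 20, 30};  // constructed sample variable
  // Same argument shape as the advisory: indices=[1], updates=[0].
  Status s = ScatterUpdateChecked<int32_t, std::divides<int32_t>>(var, {1}, {0});
  std::cout << (s == Status::kInvalidArgument ? "rejected" : "applied") << "\n";
  return 0;
}
```
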
Recommendations

For TensorFlow versions prior to 2.6.0, update to version 2.6.0 or later.
For TensorFlow versions 2.5.1 and earlier, update to version 2.5.1 or later, or apply the patch from GitHub commit 4aacb30888638da75023e6601149415b39763d76.
For TensorFlow versions 2.4.3 and earlier, update to version 2.4.3 or later, or apply the patch from GitHub commit 4aacb30888638da75023e6601149415b39763d76.
For TensorFlow versions 2.3.4 and earlier, update to version 2.3.4 or later, or apply the patch from GitHub commit 4aacb30888638da75023e6601149415b39763d76.

As a temporary workaround, consider avoiding the use of the tf.raw_ops.ResourceScatterDiv function with division by 0 until a patch is applied.

Fix

Divide By Zero

Weakness Enumeration

Related Identifiers

BIT-TENSORFLOW-2021-37642
CVE-2021-37642
GHSA-CH4F-829C-V5PW
OPENSUSE-SU-2022:10014-1
OPENSUSE-SU-2024:12116-1
PYSEC-2021-264
PYSEC-2021-555
PYSEC-2021-753

Affected Products

Tensorflow