Skip to main content

Divide By Zero


Severity Medium
Score 5.5/10


TensorFlow is an end-to-end open source platform for machine learning. On versions before 2.1.4, 2.2.0 through 2.2.2, 2.3.0 through 2.3.2 and 2.4.0 through 2.4.1, an attacker can cause a division by zero to occur in `Conv2DBackpropFilter`. This is because the implementation( computes a divisor based on user provided data (i.e., the shape of the tensors given as arguments). If all shapes are empty then `work_unit_size` is 0. Since there is no check for this case before division, this results in a runtime exception, with potential to be abused for a denial of service.

  • LOW
  • NONE
  • NONE
  • LOW
  • NONE
  • HIGH

CWE-369 - Divide By Zero

The product divides a value by zero.

Advisory Timeline

  • Published