From 9ce0dc25a20348e5c6e971dc45f010f0d7a28670 Mon Sep 17 00:00:00 2001 From: Robert Schultheis Date: Fri, 14 May 2021 13:05:01 -0600 Subject: [PATCH] Add CVE-2021-29525 for GHSA-xm2v-8rrw-w9pm --- 2021/29xxx/CVE-2021-29525.json | 91 +++++++++++++++++++++++++++++++--- 1 file changed, 85 insertions(+), 6 deletions(-) diff --git a/2021/29xxx/CVE-2021-29525.json b/2021/29xxx/CVE-2021-29525.json index 2d2b63c0080..4c007083fd9 100644 --- a/2021/29xxx/CVE-2021-29525.json +++ b/2021/29xxx/CVE-2021-29525.json @@ -1,18 +1,97 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-29525", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Division by 0 in `Conv2DBackpropInput`" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "tensorflow", + "version": { + "version_data": [ + { + "version_value": "< 2.1.4" + }, + { + "version_value": ">= 2.2.0, < 2.2.3" + }, + { + "version_value": ">= 2.3.0, < 2.3.3" + }, + { + "version_value": ">= 2.4.0, < 2.4.2" + } + ] + } + } + ] + }, + "vendor_name": "tensorflow" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in `tf.raw_ops.Conv2DBackpropInput`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/b40060c9f697b044e3107917c797ba052f4506ab/tensorflow/core/kernels/conv_grad_input_ops.h#L625-L655) does a division by a quantity that is controlled by the caller. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 2.5, + "baseSeverity": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-369: Divide By Zero" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xm2v-8rrw-w9pm", + "refsource": "CONFIRM", + "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xm2v-8rrw-w9pm" + }, + { + "name": "https://github.com/tensorflow/tensorflow/commit/2be2cdf3a123e231b16f766aa0e27d56b4606535", + "refsource": "MISC", + "url": "https://github.com/tensorflow/tensorflow/commit/2be2cdf3a123e231b16f766aa0e27d56b4606535" + } + ] + }, + "source": { + "advisory": "GHSA-xm2v-8rrw-w9pm", + "discovery": "UNKNOWN" } } \ No newline at end of file