Moderate severityNVD Advisory· Published Aug 12, 2021· Updated Aug 4, 2024

Floating point exception in `SparseDenseCwiseDiv` in TensorFlow

CVE-2021-37636

Description

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of tf.raw_ops.SparseDenseCwiseDiv is vulnerable to a division by 0 error. The implementation uses a common class for all binary operations but fails to treat the division by 0 case separately. We have patched the issue in GitHub commit d9204be9f49520cdaaeb2541d1dc5187b23f31d9. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
tensorflowPyPI	< 2.3.4	2.3.4
tensorflowPyPI	>= 2.4.0, < 2.4.3	2.4.3
tensorflowPyPI	>= 2.5.0, < 2.5.1	2.5.1
tensorflow-cpuPyPI	< 2.3.4	2.3.4
tensorflow-cpuPyPI	>= 2.4.0, < 2.4.3	2.4.3
tensorflow-cpuPyPI	>= 2.5.0, < 2.5.1	2.5.1
tensorflow-gpuPyPI	< 2.3.4	2.3.4
tensorflow-gpuPyPI	>= 2.4.0, < 2.4.3	2.4.3
tensorflow-gpuPyPI	>= 2.5.0, < 2.5.1	2.5.1

Affected products

Tensorflow/Tensorflowv5
Range: >= 2.5.0, < 2.5.1

Patches

d9204be9f495

Disallow division by zero FPE in tf.raw_ops.SparseDenseCwiseDiv

https://github.com/tensorflow/tensorflowLaura PakJul 10, 2021via ghsa

commit

1 file changed · +10 −1

tensorflow/core/kernels/sparse_dense_binary_op_shared.cc+10 −1 modified

@@ -114,7 +114,10 @@ class SparseDenseBinaryOpShared : public OpKernel {
     OP_REQUIRES_OK(
         ctx, ctx->allocate_temp(DataTypeToEnum<T>::value, TensorShape({nnz}),
                                 &dense_gathered));
-
+    bool op_is_div = false;
+    if (absl::StrContains(ctx->op_kernel().type_string_view(), "Div")) {
+      op_is_div = true;
+    }
     // Pulls relevant entries from the dense side, with reshape and broadcasting
     // *of the dense side* taken into account.  Use a TensorRef to avoid blowing
     // up memory.
@@ -143,6 +146,12 @@ class SparseDenseBinaryOpShared : public OpKernel {
           errors::InvalidArgument("Provided indices are out-of-bounds w.r.t. " \
                                   "dense side with broadcasted shape"));       \
       dense_gathered_flat(i) = rhs_ref.coeff(idx);                             \
+      if (op_is_div) {                                                         \
+        OP_REQUIRES(ctx, dense_gathered_flat(i) != 0,                          \
+                    errors::InvalidArgument(                                   \
+                        "SparseDenseCwiseDiv cannot divide by zero,"           \
+                        "but input dense tensor contains zero "));             \
+      }                                                                        \
     }                                                                          \
     break;                                                                     \
   }

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/advisories/GHSA-hp4c-x6r7-6555ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2021-37636ghsaADVISORY
github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-549.yamlghsaWEB
github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-747.yamlghsaWEB
github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-258.yamlghsaWEB
github.com/tensorflow/tensorflow/commit/d9204be9f49520cdaaeb2541d1dc5187b23f31d9ghsax_refsource_MISCWEB
github.com/tensorflow/tensorflow/security/advisories/GHSA-hp4c-x6r7-6555ghsax_refsource_CONFIRMWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000