VYPR
Moderate severity · NVD Advisory · Published Aug 12, 2021 · Updated Aug 4, 2024

Division by 0 in most convolution operators in TensorFlow

CVE-2021-37675

Description

TensorFlow is an end-to-end open source platform for machine learning. In affected versions most implementations of convolution operators in TensorFlow are affected by a division by 0 vulnerability where an attacker can trigger a denial of service via a crash. The shape inference implementation is missing several validations before doing divisions and modulo operations. We have patched the issue in GitHub commit 8a793b5d7f59e37ac7f3cd0954a750a2fe76bad4. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
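
To check an environment against the ranges listed under Affected packages, the following added example (not part of the advisory or of TensorFlow's code) maps a version string to the patched release it should move to. It assumes pre-release and local suffixes can be ignored, so 2.5.0rc1 is judged as 2.5.0; the function names are this example's own.

```python
import re
from importlib import metadata

# Ranges from the "Affected packages" table:
# (inclusive lower bound or None, first patched release).
AFFECTED_RANGES = [
    (None, (2, 3, 4)),
    ((2, 4, 0), (2, 4, 3)),
    ((2, 5, 0), (2, 5, 1)),
]
PACKAGES = ("tensorflow", "tensorflow-cpu", "tensorflow-gpu")


def release_tuple(version):
    """Return the numeric release of a version string as a 3-tuple.

    Assumption of this example: pre-release and local suffixes (rc1, +cpu)
    are ignored, so 2.5.0rc1 is treated like 2.5.0 and reported as affected.
    """
    match = re.match(r"\s*v?(\d+(?:\.\d+)*)", version)
    if not match:
        raise ValueError(f"unparseable version: {version!r}")
    parts = [int(p) for p in match.group(1).split(".")]
    return tuple((parts + [0, 0, 0])[:3])


def patched_version_for(version):
    """Return the patched release to upgrade to, or None if not affected."""
    release = release_tuple(version)
    for lower, fixed in AFFECTED_RANGES:
        if (lower is None or release >= lower) and release < fixed:
            return ".".join(map(str, fixed))
    return None


def audit_installed(packages=PACKAGES):
    """Map each installed distribution to (version, patched release or None)."""
    findings = {}
    for name in packages:
        try:
            installed = metadata.version(name)
        except metadata.PackageNotFoundError:
            continue  # this distribution is not installed here
        findings[name] = (installed, patched_version_for(installed))
    return findings


if __name__ == "__main__":
    for name, (installed, fixed) in audit_installed().items():
        status = f"affected, upgrade to {fixed}" if fixed else "not affected"
        print(f"{name} {installed}: {status}")
```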

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| tensorflow | PyPI | < 2.3.4 | 2.3.4 |
| tensorflow | PyPI | >= 2.4.0, < 2.4.3 | 2.4.3 |
| tensorflow | PyPI | >= 2.5.0, < 2.5.1 | 2.5.1 |
| tensorflow-cpu | PyPI | < 2.3.4 | 2.3.4 |
| tensorflow-cpu | PyPI | >= 2.4.0, < 2.4.3 | 2.4.3 |
| tensorflow-cpu | PyPI | >= 2.5.0, < 2.5.1 | 2.5.1 |
| tensorflow-gpu | PyPI | < 2.3.4 | 2.3.4 |
| tensorflow-gpu | PyPI | >= 2.4.0, < 2.4.3 | 2.4.3 |
| tensorflow-gpu | PyPI | >= 2.5.0, < 2.5.1 | 2.5.1 |

Patches

8a793b5d7f59

Prevent division by 0 in common shape functions.

https://github.com/tensorflow/tensorflow · Mihai Maruseac · Jul 30, 2021 · via ghsa
1 file changed · +11 -0
  • tensorflow/core/framework/common_shape_fns.cc (+11 -0, modified)
    @@ -672,6 +672,8 @@ Status Conv2DShapeImpl(shape_inference::InferenceContext* c,
       if (c->ValueKnown(input_depth_dim) && c->ValueKnown(filter_input_depth_dim)) {
         int64_t input_depth_value = c->Value(input_depth_dim),
                 filter_input_depth_value = c->Value(filter_input_depth_dim);
    +    if (filter_input_depth_value == 0)
    +      return errors::InvalidArgument("Depth of filter must not be 0");
         if (input_depth_value % filter_input_depth_value != 0)
           return errors::InvalidArgument(
               "Depth of input (", input_depth_value,
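Review bot: the new `filter_input_depth_value == 0` check in Conv2DShapeImpl runs only inside the `c->ValueKnown(input_depth_dim) && c->ValueKnown(filter_input_depth_dim)` branch, so it protects the modulo on the following line only when both depths are already known at shape-inference time. Please confirm, or state in a comment, that the convolution kernels reject a zero filter depth themselves for shapes that are resolved later. The message could also report the offending value, as the neighbouring "Depth of input (" error does.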
    @@ -681,6 +683,8 @@ Status Conv2DShapeImpl(shape_inference::InferenceContext* c,
           int64_t num_groups = input_depth_value / filter_input_depth_value;
           if (c->ValueKnown(output_depth_dim)) {
             int64_t output_depth_value = c->Value(output_depth_dim);
    +        if (num_groups == 0)
    +          return errors::InvalidArgument("Number of groups must not be 0");
             if (output_depth_value % num_groups != 0)
               return errors::InvalidArgument(
                   "Depth of output (", output_depth_value,
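Review bot: the `num_groups == 0` check sits inside `if (c->ValueKnown(output_depth_dim))`, so when the output depth is unknown a zero `num_groups` leaves this part of Conv2DShapeImpl without an error. `num_groups` is computed before that branch, so the check belongs directly after `int64_t num_groups = input_depth_value / filter_input_depth_value;`, where it does not depend on the output depth being known.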
    @@ -816,6 +820,8 @@ Status Conv3DShape(shape_inference::InferenceContext* c) {
       if (c->ValueKnown(input_depth_dim) && c->ValueKnown(filter_input_depth_dim)) {
         int64_t input_depth_value = c->Value(input_depth_dim),
                 filter_input_depth_value = c->Value(filter_input_depth_dim);
    +    if (filter_input_depth_value == 0)
    +      return errors::InvalidArgument("Depth of filter must not be 0");
         if (input_depth_value % filter_input_depth_value != 0)
           return errors::InvalidArgument(
               "Depth of input (", input_depth_value,
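Review bot: the zero-depth check in Conv3DShape duplicates, line for line, the one added to Conv2DShapeImpl, and the context lines around both are identical as well. A small shared helper that validates the input and filter depths would keep the 2D and 3D paths from drifting apart. The change also touches only common_shape_fns.cc; a shape-inference test with a zero-depth filter for each function would pin this behaviour down.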
    @@ -825,6 +831,8 @@ Status Conv3DShape(shape_inference::InferenceContext* c) {
           int64_t num_groups = input_depth_value / filter_input_depth_value;
           if (c->ValueKnown(output_depth_dim)) {
             int64_t output_depth_value = c->Value(output_depth_dim);
    +        if (num_groups == 0)
    +          return errors::InvalidArgument("Number of groups must not be 0");
             if (output_depth_value % num_groups != 0)
               return errors::InvalidArgument(
                   "Depth of output (", output_depth_value,
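Review bot: "Number of groups must not be 0" in Conv3DShape does not tell the user what to fix. `num_groups` is derived as `input_depth_value / filter_input_depth_value` and is never set directly, so the message should report the input and filter depths, in the style of the "Depth of output (" error that follows. As in the 2D function, the check is also inside the `c->ValueKnown(output_depth_dim)` branch and is skipped when the output depth is unknown.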
    @@ -2456,6 +2464,9 @@ Status SparseReduceShapeFn(InferenceContext* c) {
     
         int64_t ndims = shape_vec.size();
         absl::flat_hash_set<int64> axes;
    +    if (ndims == 0)
    +      return errors::InvalidArgument(
    +          "Number of dims in shape tensor must not be 0");
         for (int i = 0; i < axes_vec.size(); i++) {
           axes.insert((axes_vec(i) + ndims) % ndims);
         }
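Review bot: the `ndims == 0` guard in SparseReduceShapeFn removes the modulo by zero, but `(axes_vec(i) + ndims) % ndims` still produces a negative value when `axes_vec(i)` is smaller than `-ndims`, because `%` in C++ keeps the sign of the dividend. Validate that each axis lies in `[-ndims, ndims)` and return InvalidArgument otherwise. Minor: the guard would read better placed before `absl::flat_hash_set<int64> axes;`, next to the `ndims` declaration it checks.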
    
