
Cloud Vulnerability DB
A community-led vulnerabilities database
TensorFlow, an end-to-end open source platform for machine learning, was found to have a division by zero vulnerability (CVE-2021-29585) in the TFLite computation of the output size after padding. The vulnerability was discovered in the ComputeOutSize function, which failed to validate that the stride argument is not 0 before performing division operations. This issue affected multiple versions of TensorFlow prior to version 2.5.0 (GitHub Advisory).
The vulnerability exists in the ComputeOutSize function located in the TensorFlow Lite kernel's padding implementation. The function takes parameters for padding type, image size, filter size, stride, and dilation rate, but fails to verify that the stride parameter is not zero before using it as a divisor. This oversight could lead to a division by zero error when processing specially crafted models (TF Commit). The CVSS v3.1 base score was assessed as 7.8 HIGH by NVD, while GitHub rated it as 2.5 LOW (NVD).
The vulnerability allows attackers to craft special models that can trigger a division by zero error by setting the stride parameter to 0 in the ComputeOutSize function. This could potentially lead to application crashes and denial of service conditions (GitHub Advisory).
The vulnerability was patched in TensorFlow 2.5.0. The fix was also backported to TensorFlow versions 2.4.2, 2.3.3, 2.2.3, and 2.1.4. The patch adds a check to return 0 when stride is 0, preventing the division by zero error (GitHub Advisory, TF Commit).
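The shape of the defect and of the fix, as an added illustration written for this entry rather than TensorFlow's own source: the enum name, the split into two functions and the sample shapes are assumptions, while the arithmetic follows TFLite's SAME/VALID output-size formula.

```cpp
#include <cstdio>

// Padding modes standing in for TFLite's TfLitePadding (names assumed here).
enum PaddingMode { kPaddingUnknown = 0, kPaddingSame, kPaddingValid };

// Pre-fix behaviour (illustrative reconstruction, not the upstream source):
// stride is used as a divisor without being validated, so a model whose
// convolution or pooling node carries stride == 0 divides by zero here.
int ComputeOutSizeVulnerable(PaddingMode padding, int image_size,
                             int filter_size, int stride, int dilation_rate = 1) {
  int effective_filter_size = (filter_size - 1) * dilation_rate + 1;
  switch (padding) {
    case kPaddingSame:
      return (image_size + stride - 1) / stride;  // undefined when stride == 0
    case kPaddingValid:
      return (image_size + stride - effective_filter_size) / stride;
    default:
      return 0;
  }
}

// Post-fix behaviour: the stride check runs before any division, so a
// stride of 0 yields an output size of 0 instead of a crash. Callers still
// have to treat a 0 output dimension as an invalid model, not a real shape.
int ComputeOutSizeFixed(PaddingMode padding, int image_size,
                        int filter_size, int stride, int dilation_rate = 1) {
  if (stride == 0) return 0;
  return ComputeOutSizeVulnerable(padding, image_size, filter_size, stride,
                                  dilation_rate);
}

int main() {
  // Constructed example: a 224x224 input, 3x3 filter, stride 2.
  printf("SAME    : %d\n", ComputeOutSizeFixed(kPaddingSame, 224, 3, 2));
  printf("VALID   : %d\n", ComputeOutSizeFixed(kPaddingValid, 224, 3, 2));
  // The crafted case from the advisory: stride 0 is rejected, not divided by.
  printf("stride 0: %d\n", ComputeOutSizeFixed(kPaddingValid, 224, 3, 0));
  return 0;
}
```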
Source: This report was generated using AI