AVG-1350 log
| Package | tensorflow |
| Status | Fixed |
| Severity | Medium |
| Type | denial of service |
| Affected | 2.3.1-7 |
| Fixed | 2.4.0rc4-1 |
| Current | 2.18.0-3 [extra] |
| Ticket | None |
| Created | Fri Dec 11 15:25:12 2020 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2020-15266 | Low | No | Denial of service | In Tensorflow before version 2.4.0, when the boxes argument of tf.image.crop_and_resize has a very large value, the CPU kernel implementation receives it as... |
| CVE-2020-15265 | Medium | No | Denial of service | In Tensorflow before version 2.4.0, an attacker can pass an invalid axis value to tf.quantization.quantize_and_dequantize. This results in accessing a... |