---

CVE-2020-15266 - log back

CVE-2020-15266 edited at 11 Dec 2020 15:32:45
References	https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xwhf-g6j5-j5gc https://github.com/tensorflow/tensorflow/issues/42129 - https://github.com/tensorflow/tensorflow/commit/c0319231333f0f16e1cc75ec83660b01fedd4182 + https://github.com/tensorflow/tensorflow/pull/42143 + https://github.com/tensorflow/tensorflow/commit/3ade2efec2e90c6237de32a19680caaa3ebc2845

CVE-2020-15266 edited at 11 Dec 2020 15:28:57
Severity	- Unknown + Low
Remote	- Unknown + Local
Type	- Unknown + Denial of service
Description	+ In Tensorflow before version 2.4.0, when the boxes argument of tf.image.crop_and_resize has a very large value, the CPU kernel implementation receives it as a C++ nan floating point value. Attempting to operate on this is undefined behavior which later produces a segmentation fault.
References	+ https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xwhf-g6j5-j5gc + https://github.com/tensorflow/tensorflow/issues/42129 + https://github.com/tensorflow/tensorflow/commit/c0319231333f0f16e1cc75ec83660b01fedd4182
Notes

CVE-2020-15266 created at 11 Dec 2020 15:25:12