CVE-2021-29518 - log back

CVE-2021-29518 edited at 14 May 2021 21:42:01
Type
- Unknown
+ Denial of service
CVE-2021-29518 edited at 14 May 2021 21:30:09
Severity
- Unknown
+ Low
Remote
- Unknown
+ Local
Description
+ A security issue has been found in TensorFlow before version 2.4.2. In eager mode (default in TF 2.0 and later), session operations are invalid. However, users could still call the raw ops associated with them and trigger a null pointer dereference. The implementation(https://github.com/tensorflow/tensorflow/blob/eebb96c2830d48597d055d247c0e9aebaea94cd5/tensorflow/core/kernels/session_ops.cc#L104) dereferences the session state pointer without checking if it is valid. Thus, in eager mode, `ctx->session_state()` is nullptr and the call of the member function is undefined behavior.
References
+ https://github.com/tensorflow/tensorflow/security/advisories/GHSA-62gx-355r-9fhg
+ https://github.com/tensorflow/tensorflow/commit/ff70c47a396ef1e3cb73c90513da4f5cb71bebba
CVE-2021-29518 created at 14 May 2021 20:37:16
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes