CVE-2021-29541 log

Severity Low
Remote No
Type Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger a dereference of a null pointer in `tf.raw_ops.StringNGrams`. This is because the implementation( does not fully validate the `data_splits` argument. This would result in `ngrams_data`( to be a null pointer when the output would be computed to have 0 or negative size. Later writes to the output tensor would then cause a null pointer dereference.
Group Package Affected Fixed Severity Status Ticket
AVG-1962 tensorflow 2.4.1-10 2.5.0-1 Critical Fixed