---

CVE-2021-29546 - log back

CVE-2021-29546 edited at 14 May 2021 21:47:05
Type	- Unknown + Denial of service

CVE-2021-29546 edited at 14 May 2021 21:30:50
Severity	- Unknown + Low
Remote	- Unknown + Local
Description	+ A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger an integer division by zero undefined behavior in `tf.raw_ops.QuantizedBiasAdd`. This is because the implementation of the Eigen kernel(https://github.com/tensorflow/tensorflow/blob/61bca8bd5ba8a68b2d97435ddfafcdf2b85672cd/tensorflow/core/kernels/quantization_utils.h#L812-L849) does a division by the number of elements of the smaller input (based on shape) without checking that this is not zero.
References	+ https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m34j-p8rj-wjxq + https://github.com/tensorflow/tensorflow/commit/67784700869470d65d5f2ef20aeb5e97c31673cb

CVE-2021-29546 created at 14 May 2021 20:37:16
Severity	+ Unknown
Remote	+ Unknown
Type	+ Unknown
Description
References
Notes