---

CVE-2021-29553 - log back

CVE-2021-29553 edited at 14 May 2021 21:48:04
Type	- Unknown + Information disclosure

CVE-2021-29553 edited at 14 May 2021 21:31:00
Severity	- Unknown + Low
Remote	- Unknown + Local
Description	+ A security issue has been found in TensorFlow before version 2.4.2. An attacker can read data outside of bounds of heap allocated buffer in `tf.raw_ops.QuantizeAndDequantizeV3`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/11ff7f80667e6490d7b5174aa6bf5e01886e770f/tensorflow/core/kernels/quantize_and_dequantize_op.cc#L237) does not validate the value of user supplied `axis` attribute before using it to index in the array backing the `input` argument.
References	+ https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h9px-9vqg-222h + https://github.com/tensorflow/tensorflow/commit/99085e8ff02c3763a0ec2263e44daec416f6a387

CVE-2021-29553 created at 14 May 2021 20:37:16
Severity	+ Unknown
Remote	+ Unknown
Type	+ Unknown
Description
References
Notes