CVE-2021-29576 log

Severity Low
Remote No
Type Arbitrary code execution
A security issue has been found in TensorFlow before version 2.4.2. The implementation of `tf.raw_ops.MaxPool3DGradGrad` is vulnerable to a heap buffer overflow. The implementation( does not check that the initialization of `Pool3dParameters` completes successfully. Since the constructor( uses `OP_REQUIRES` to validate conditions, the first assertion that fails interrupts the initialization of `params`, making it contain invalid data. In turn, this might cause a heap buffer overflow, depending on default initialized values.
Group Package Affected Fixed Severity Status Ticket
AVG-1962 tensorflow 2.4.1-10 2.5.0-1 Critical Fixed