CVE-2021-29578 - log back

CVE-2021-29578 edited at 14 May 2021 21:52:05
Type
- Unknown
+ Arbitrary code execution
CVE-2021-29578 edited at 14 May 2021 21:31:37
Severity
- Unknown
+ Low
Remote
- Unknown
+ Local
Description
+ A security issue has been found in TensorFlow before version 2.4.2. The implementation of `tf.raw_ops.FractionalAvgPoolGrad` is vulnerable to a heap buffer overflow. The implementation(https://github.com/tensorflow/tensorflow/blob/dcba796a28364d6d7f003f6fe733d82726dda713/tensorflow/core/kernels/fractional_avg_pool_op.cc#L216) fails to validate that the pooling sequence arguments have enough elements as required by the `out_backprop` tensor shape.
References
+ https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6f89-8j54-29xf
+ https://github.com/tensorflow/tensorflow/commit/12c727cee857fa19be717f336943d95fca4ffe4f
CVE-2021-29578 created at 14 May 2021 20:37:16
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes