CVE-2021-29581 - log

CVE-2021-29581 edited at 14 May 2021 21:52:33
Type
- Unknown
+ Denial of service
CVE-2021-29581 edited at 14 May 2021 21:31:41
Severity
- Unknown
+ Low
Remote
- Unknown
+ Local
Description
+ A security issue has been found in TensorFlow before version 2.4.2. Due to lack of validation in `tf.raw_ops.CTCBeamSearchDecoder`, an attacker can trigger denial of service via segmentation faults. The implementation (https://github.com/tensorflow/tensorflow/blob/a74768f8e4efbda4def9f16ee7e13cf3922ac5f7/tensorflow/core/kernels/ctc_decoder_ops.cc#L68-L79) fails to detect cases when the input tensor is empty and proceeds to read data from a null buffer.
References
+ https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vq2r-5xvm-3hc3
+ https://github.com/tensorflow/tensorflow/commit/b1b323042264740c398140da32e93fb9c2c9f33e
CVE-2021-29581 created at 14 May 2021 20:37:16
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes