CVE-2021-29582 - log back

CVE-2021-29582 edited at 14 May 2021 21:52:42
Type
- Unknown
+ Information disclosure
CVE-2021-29582 edited at 14 May 2021 21:31:42
Severity
- Unknown
+ Low
Remote
- Unknown
+ Local
Description
+ A security issue has been found in TensorFlow before version 2.4.2. Due to lack of validation in `tf.raw_ops.Dequantize`, an attacker can trigger a read from outside of bounds of heap allocated data. The implementation(https://github.com/tensorflow/tensorflow/blob/26003593aa94b1742f34dc22ce88a1e17776a67d/tensorflow/core/kernels/dequantize_op.cc#L106-L131) accesses the `min_range` and `max_range` tensors in parallel but fails to check that they have the same shape.
References
+ https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c45w-2wxr-pp53
+ https://github.com/tensorflow/tensorflow/commit/5899741d0421391ca878da47907b1452f06aaf1b
CVE-2021-29582 created at 14 May 2021 20:37:16
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes