CVE-2021-29584 - log back

CVE-2021-29584 edited at 14 May 2021 21:53:00
Type
- Unknown
+ Denial of service
CVE-2021-29584 edited at 14 May 2021 21:31:45
Severity
- Unknown
+ Low
Remote
- Unknown
+ Local
Description
+ A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger a denial of service via a `CHECK`-fail in caused by an integer overflow in constructing a new tensor shape. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/0908c2f2397c099338b901b067f6495a5b96760b/tensorflow/core/kernels/sparse_split_op.cc#L66-L70) builds a dense shape without checking that the dimensions would not result in overflow. The `TensorShape` constructor(https://github.com/tensorflow/tensorflow/blob/6f9896890c4c703ae0a0845394086e2e1e523299/tensorflow/core/framework/tensor_shape.cc#L183-L188) uses a `CHECK` operation which triggers when `InitDims`(https://github.com/tensorflow/tensorflow/blob/6f9896890c4c703ae0a0845394086e2e1e523299/tensorflow/core/framework/tensor_shape.cc#L212-L296) returns a non-OK status. This is a legacy implementation of the constructor and operations should use `BuildTensorShapeBase` or `AddDimWithStatus` to prevent `CHECK`-failures in the presence of overflows.
References
+ https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xvjm-fvxx-q3hv
+ https://github.com/tensorflow/tensorflow/commit/4c0ee937c0f61c4fc5f5d32d9bb4c67428012a60
CVE-2021-29584 created at 14 May 2021 20:37:16
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes