CVE-2021-29586 - log back

CVE-2021-29586 edited at 14 May 2021 21:53:23
Type
- Unknown
+ Denial of service
CVE-2021-29586 edited at 14 May 2021 21:31:48
Severity
- Unknown
+ Low
Remote
- Unknown
+ Local
Description
+ A security issue has been found in TensorFlow before version 2.4.2. Optimized pooling implementations in TFLite fail to check that the stride arguments are not 0 before calling `ComputePaddingHeightWidth`(https://github.com/tensorflow/tensorflow/blob/3f24ccd932546416ec906a02ddd183b48a1d2c83/tensorflow/lite/kernels/pooling.cc#L90). Since users can craft special models which will have `params->stride_{height,width}` be zero, this will result in a division by zero.
References
+ https://github.com/tensorflow/tensorflow/security/advisories/GHSA-26j7-6w8w-7922
+ https://github.com/tensorflow/tensorflow/commit/5f7975d09eac0f10ed8a17dbb6f5964977725adc
CVE-2021-29586 created at 14 May 2021 20:37:16
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes