CVE-2021-29588 - log back

CVE-2021-29588 edited at 14 May 2021 21:53:52
Type
- Unknown
+ Denial of service
CVE-2021-29588 edited at 14 May 2021 21:31:51
Severity
- Unknown
+ Low
Remote
- Unknown
+ Local
Description
+ A security issue has been found in TensorFlow before version 2.4.2. The optimized implementation of the `TransposeConv` TFLite operator is [vulnerable to a division by zero error](https://github.com/tensorflow/tensorflow/blob/0d45ea1ca641b21b73bcf9c00e0179cda284e7e7/tensorflow/lite/kernels/internal/optimized/optimized_ops.h#L5221-L5222). An attacker can craft a model such that `stride_{h,w}` values are 0. Code calling this function must validate these arguments.
References
+ https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vfr4-x8j2-3rf9
+ https://github.com/tensorflow/tensorflow/commit/801c1c6be5324219689c98e1bd3e0ca365ee834d
CVE-2021-29588 created at 14 May 2021 20:37:16
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes