CVE-2021-29592 - log

CVE-2021-29592 edited at 14 May 2021 21:39:48
Severity
- Low
+ Medium
Type
- Unknown
+ Denial of service
CVE-2021-29592 edited at 14 May 2021 21:31:57
Severity
- Unknown
+ Low
Remote
- Unknown
+ Local
Description
+ A security issue has been found in TensorFlow before version 2.4.2. The fix for CVE-2020-15209 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15209) missed the case when the target shape of `Reshape` operator is given by the elements of a 1-D tensor. As such, the fix for the vulnerability (https://github.com/tensorflow/tensorflow/blob/9c1dc920d8ffb4893d6c9d27d1f039607b326743/tensorflow/lite/core/subgraph.cc#L1062-L1074) allowed passing a null-buffer-backed tensor with a 1D shape.
References
+ https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jjr8-m8g8-p6wv
+ https://github.com/tensorflow/tensorflow/commit/f8378920345f4f4604202d4ab15ef64b2aceaa16
CVE-2021-29592 created at 14 May 2021 20:37:16
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes