---

CVE-2021-29592 - log back

CVE-2021-29592 edited at 14 May 2021 21:39:48
Severity	- Low + Medium
Type	- Unknown + Denial of service

CVE-2021-29592 edited at 14 May 2021 21:31:57
Severity	- Unknown + Low
Remote	- Unknown + Local
Description	+ A security issue has been found in TensorFlow before version 2.4.2. The fix for CVE-2020-15209(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15209) missed the case when the target shape of `Reshape` operator is given by the elements of a 1-D tensor. As such, the fix for the vulnerability(https://github.com/tensorflow/tensorflow/blob/9c1dc920d8ffb4893d6c9d27d1f039607b326743/tensorflow/lite/core/subgraph.cc#L1062-L1074) allowed passing a null-buffer-backed tensor with a 1D shape.
References	+ https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jjr8-m8g8-p6wv + https://github.com/tensorflow/tensorflow/commit/f8378920345f4f4604202d4ab15ef64b2aceaa16

CVE-2021-29592 created at 14 May 2021 20:37:16
Severity	+ Unknown
Remote	+ Unknown
Type	+ Unknown
Description
References
Notes