CVE-2021-29593 - log back

CVE-2021-29593 edited at 14 May 2021 21:54:28
Type
- Unknown
+ Denial of service
CVE-2021-29593 edited at 14 May 2021 21:31:58
Severity
- Unknown
+ Low
Remote
- Unknown
+ Local
Description
+ A security issue has been found in TensorFlow before version 2.4.2. The implementation of the `BatchToSpaceNd` TFLite operator is vulnerable to a division by zero error(https://github.com/tensorflow/tensorflow/blob/b5ed552fe55895aee8bd8b191f744a069957d18d/tensorflow/lite/kernels/batch_to_space_nd.cc#L81-L82). An attacker can craft a model such that one dimension of the `block` input is 0. Hence, the corresponding value in `block_shape` is 0.
References
+ https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cfx7-2xpc-8w4h
+ https://github.com/tensorflow/tensorflow/commit/2c74674348a4708ced58ad6eb1b23354df8ee044
CVE-2021-29593 created at 14 May 2021 20:37:16
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes