CVE-2021-29597 - log back

CVE-2021-29597 edited at 14 May 2021 21:55:13
Type
- Unknown
+ Denial of service
CVE-2021-29597 edited at 14 May 2021 21:32:04
Severity
- Unknown
+ Low
Remote
- Unknown
+ Local
Description
+ A security issue has been found in TensorFlow before version 2.4.2. The implementation of the `SpaceToBatchNd` TFLite operator is [vulnerable to a division by zero error](https://github.com/tensorflow/tensorflow/blob/412c7d9bb8f8a762c5b266c9e73bfa165f29aac8/tensorflow/lite/kernels/space_to_batch_nd.cc#L82-L83). An attacker can craft a model such that one dimension of the `block` input is 0. Hence, the corresponding value in `block_shape` is 0.
References
+ https://github.com/tensorflow/tensorflow/security/advisories/GHSA-v52p-hfjf-wg88
+ https://github.com/tensorflow/tensorflow/commit/6d36ba65577006affb272335b7c1abd829010708
CVE-2021-29597 created at 14 May 2021 20:37:16
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes