CVE-2021-37635 log
| Source |
|
| Severity | Medium |
| Remote | No |
| Type | Information disclosure |
| Description | In TensorFlow before version 2.6.0 the implementation of sparse reduction operations in TensorFlow can trigger accesses outside of bounds of heap allocated data. The implementation fails to validate that each reduction group does not overflow and that each corresponding index does not point to outside the bounds of the input tensor. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-2292 | tensorflow | 2.5.0-6 | 2.5.1-1 | Critical | Fixed |
| References |
|---|
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cgfm-62j4-v4rf https://github.com/tensorflow/tensorflow/commit/87158f43f05f2720a374f3e6d22a7aaa3a33f750 |