CVE-2021-37637 log

Severity Low
Remote No
Type Denial of service
In TensorFlow before version 2.6.0 it is possible to trigger a null pointer dereference in TensorFlow by passing an invalid input to tf.raw_ops.CompressElement. The implementation was accessing the size of a buffer obtained from the return of a separate function call before validating that said buffer is valid.
Group Package Affected Fixed Severity Status Ticket
AVG-2292 tensorflow 2.5.0-6 2.5.1-1 Critical Fixed