CVE-2021-37637 log

Source
Severity Low
Remote No
Type Denial of service
Description
In TensorFlow before version 2.6.0 it is possible to trigger a null pointer dereference in TensorFlow by passing an invalid input to tf.raw_ops.CompressElement. The implementation was accessing the size of a buffer obtained from the return of a separate function call before validating that said buffer is valid.
Group Package Affected Fixed Severity Status Ticket
AVG-2292 tensorflow 2.5.0-6 2.5.1-1 Critical Fixed
References
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c9qf-r67m-p7cg
https://github.com/tensorflow/tensorflow/commit/5dc7f6981fdaf74c8c5be41f393df705841fb7c5