CVE-2021-37637 - log back

CVE-2021-37637 created at 13 Aug 2021 07:58:02
Severity
+ Low
Remote
+ Local
Type
+ Denial of service
Description
+ In TensorFlow before version 2.6.0 it is possible to trigger a null pointer dereference in TensorFlow by passing an invalid input to tf.raw_ops.CompressElement. The implementation was accessing the size of a buffer obtained from the return of a separate function call before validating that said buffer is valid.
References
+ https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c9qf-r67m-p7cg
+ https://github.com/tensorflow/tensorflow/commit/5dc7f6981fdaf74c8c5be41f393df705841fb7c5
Notes