CVE-2021-37639 - log back

CVE-2021-37639 created at 13 Aug 2021 07:58:02
Severity
+ Low
Remote
+ Local
Type
+ Information disclosure
Description
+ In TensorFlow before version 2.6.0, when restoring tensors via raw APIs, if the tensor name is not provided, TensorFlow can be tricked into dereferencing a null pointer. Alternatively, attackers can read memory outside the bounds of heap allocated data by providing some tensor names but not enough for a successful restoration. The implementation retrieves the tensor list corresponding to the tensor_name user controlled input and immediately retrieves the tensor at the restoration index (controlled via preferred_shard argument). This occurs without validating that the provided list has enough values. If the list is empty this results in dereferencing a null pointer (undefined behavior). If, however, the list has some elements, if the restoration index is outside the bounds this results in heap OOB read.
References
+ https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gh6x-4whr-2qv4
+ https://github.com/tensorflow/tensorflow/commit/9e82dce6e6bd1f36a57e08fa85af213e2b2f2622
Notes