CVE-2021-37641 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Low
Remote	No
Type	Information disclosure
Description	In TensorFlow before version 2.6.0 if the arguments to tf.raw_ops.RaggedGather don't determine a valid ragged tensor code can trigger a read from outside of bounds of heap allocated buffers. The implementation directly reads the first dimension of a tensor shape before checking that said tensor has rank of at least 1 (i.e., it is not a scalar). Furthermore, the implementation does not check that the list given by params_nested_splits is not an empty list of tensors.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-2292	tensorflow	2.5.0-6	2.5.1-1	Critical	Fixed

References
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9c8h-vvrj-w2p8 https://github.com/tensorflow/tensorflow/commit/a2b743f6017d7b97af1fe49087ae15f0ac634373