Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2021-37641 - log back

CVE-2021-37641 created at 13 Aug 2021 07:58:01

Severity

+

Low

Remote

+

Local

Type

+	Information disclosure

Description

+

In TensorFlow before version 2.6.0 if the arguments to tf.raw_ops.RaggedGather don't determine a valid ragged tensor code can trigger a read from outside of bounds of heap allocated buffers. The implementation directly reads the first dimension of a tensor shape before checking that said tensor has rank of at least 1 (i.e., it is not a scalar). Furthermore, the implementation does not check that the list given by params_nested_splits is not an empty list of tensors.

References

+	https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9c8h-vvrj-w2p8
+	https://github.com/tensorflow/tensorflow/commit/a2b743f6017d7b97af1fe49087ae15f0ac634373

Notes