CVE-2021-37643 log

Severity Low
Remote No
Type Denial of service
In TensorFlow before version 2.6.0, If a user does not provide a valid padding value to tf.raw_ops.MatrixDiagPartOp, then the code triggers a null pointer dereference (if input is empty) or produces invalid behavior, ignoring all values after the first. The implementation reads the first value from a tensor buffer without first checking that the tensor has values to read from.
Group Package Affected Fixed Severity Status Ticket
AVG-2292 tensorflow 2.5.0-6 2.5.1-1 Critical Fixed