Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2021-37643 - log back

CVE-2021-37643 created at 13 Aug 2021 07:58:01

Severity

+

Low

Remote

+

Local

Type

+	Denial of service

Description

+

In TensorFlow before version 2.6.0, If a user does not provide a valid padding value to tf.raw_ops.MatrixDiagPartOp, then the code triggers a null pointer dereference (if input is empty) or produces invalid behavior, ignoring all values after the first. The implementation reads the first value from a tensor buffer without first checking that the tensor has values to read from.

References

+	https://github.com/tensorflow/tensorflow/commit/482da92095c4d48f8784b1f00dda4f81c28d2988
+	https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fcwc-p4fc-c5cc

Notes