CVE-2021-37644 log

Severity Medium
Remote No
Type Denial of service
In TensorFlow before version 2.6.0 providing a negative element to num_elements list argument of tf.raw_ops.TensorListReserve causes the runtime to abort the process due to reallocating a std::vector to have a negative number of elements. The implementation calls std::vector.resize() with the new size controlled by input given by the user, without checking that this input is valid.
Group Package Affected Fixed Severity Status Ticket
AVG-2292 tensorflow 2.5.0-6 2.5.1-1 Critical Fixed