CVE-2021-37650 - log back

CVE-2021-37650 created at 13 Aug 2021 07:58:00
Severity
+ High
Remote
+ Local
Type
+ Denial of service
Description
+ In TensorFlow before version 2.6.0 the implementation for tf.raw_ops.ExperimentalDatasetToTFRecord and tf.raw_ops.DatasetToTFRecord can trigger heap buffer overflow and segmentation fault. The implementation assumes that all records in the dataset are of string type. However, there is no check for that, and the example given above uses numeric types.
References
+ https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f8h4-7rgh-q2gm
+ https://github.com/tensorflow/tensorflow/commit/e0b6e58c328059829c3eb968136f17aa72b6c876
Notes