CVE-2021-37652 - log back

CVE-2021-37652 created at 13 Aug 2021 07:58:00
Severity
+ High
Remote
+ Local
Type
+ Arbitrary code execution
Description
+ In TensorFlow before version 2.6.0 the implementation for tf.raw_ops.BoostedTreesCreateEnsemble can result in a use after free error if an attacker supplies specially crafted arguments. The implementation uses a reference counted resource and decrements the refcount if the initialization fails, as it should. However, when the code was written, the resource was represented as a naked pointer but later refactoring has changed it to be a smart pointer. Thus, when the pointer leaves the scope, a subsequent free-ing of the resource occurs, but this fails to take into account that the refcount has already reached 0, thus the resource has been already freed. During this double-free process, members of the resource object are accessed for cleanup but they are invalid as the entire resource has been freed.
References
+ https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m7fm-4jfh-jrg6
+ https://github.com/tensorflow/tensorflow/commit/5ecec9c6fbdbc6be03295685190a45e7eee726ab
Notes