CVE-2021-37660 log
| Source |
|
| Severity | Low |
| Remote | No |
| Type | Denial of service |
| Description | In TensorFlow before version 2.6.0 an attacker can cause a floating point exception by calling inplace operations with crafted arguments that would result in a division by 0. The implementation has a logic error: it should skip processing if x and v are empty but the code uses || instead of &&. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-2292 | tensorflow | 2.5.0-6 | 2.5.1-1 | Critical | Fixed |
| References |
|---|
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cm5x-837x-jf3c https://github.com/tensorflow/tensorflow/commit/e86605c0a336c088b638da02135ea6f9f6753618 |