Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2021-37660 - log back

CVE-2021-37660 created at 13 Aug 2021 07:57:59

Severity

+

Low

Remote

+

Local

Type

+	Denial of service

Description

+	In TensorFlow before version 2.6.0 an attacker can cause a floating point exception by calling inplace operations with crafted arguments that would result in a division by 0. The implementation has a logic error: it should skip processing if x and v are empty but the code uses \|\| instead of &&.

References

+	https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cm5x-837x-jf3c
+	https://github.com/tensorflow/tensorflow/commit/e86605c0a336c088b638da02135ea6f9f6753618

Notes