CVE-2021-37664 - log

CVE-2021-37664 created at 13 Aug 2021 07:57:59
Severity
+ Medium
Remote
+ Local
Type
+ Information disclosure
Description
+ In TensorFlow before version 2.6.0, an attacker can read outside the bounds of heap-allocated data by sending specially crafted illegal arguments to BoostedTreesSparseCalculateBestFeatureSplit. The implementation needs to validate that each value in stats_summary_indices is in range.
References
+ https://github.com/tensorflow/tensorflow/security/advisories/GHSA-r4c4-5fpq-56wg
+ https://github.com/tensorflow/tensorflow/commit/e84c975313e8e8e38bb2ea118196369c45c51378
Notes