CVE-2021-37669 log

Severity High
Remote No
Type Denial of service
In TensorFlow before version 2.6.0 an attacker can cause denial of service in applications serving models using tf.raw_ops.NonMaxSuppressionV5 by triggering a division by 0. The implementation uses a user controlled argument to resize a std::vector. However, as std::vector::resize takes the size argument as a size_t and output_size is an int, there is an implicit conversion to unsigned. If the attacker supplies a negative value, this conversion results in a crash. A similar issue occurs in CombinedNonMaxSuppression and commit b5cdbf12ffcaaffecf98f22a6be5a64bb96e4f58.
Group Package Affected Fixed Severity Status Ticket
AVG-2292 tensorflow 2.5.0-6 2.5.1-1 Critical Fixed