CVE-2021-37670 log

Severity Medium
Remote No
Type Information disclosure
In TensorFlow before version 2.6.0 an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to tf.raw_ops.UpperBound. The implementation does not validate the rank of sorted_input argument. A similar issue occurs in tf.raw_ops.LowerBound.
Group Package Affected Fixed Severity Status Ticket
AVG-2292 tensorflow 2.5.0-6 2.5.1-1 Critical Fixed