CVE-2021-37674 log

Severity Medium
Remote No
Type Denial of service
In TensorFlow before version 2.6.0 an attacker can trigger a denial of service via a segmentation fault in tf.raw_ops.MaxPoolGrad caused by missing validation. The implementation misses some validation for the orig_input and orig_output tensors. The fixes for CVE-2021-29579 were incomplete.
Group Package Affected Fixed Severity Status Ticket
AVG-2292 tensorflow 2.5.0-6 2.5.1-1 Critical Fixed