CVE-2021-37682 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	No
Type	Denial of service
Description	In TensorFlow before version 2.6.0 all TFLite operations that use quantization can be made to use unitialized values. For example. The issue stems from the fact that quantization.params is only valid if quantization.type is different that kTfLiteNoQuantization. However, these checks are missing in large parts of the code.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-2292	tensorflow	2.5.0-6	2.5.1-1	Critical	Fixed

References
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4c4g-crqm-xrxw https://github.com/tensorflow/tensorflow/commit/537bc7c723439b9194a358f64d871dd326c18887 https://github.com/tensorflow/tensorflow/commit/4a91f2069f7145aab6ba2d8cfe41be8a110c18a5 https://github.com/tensorflow/tensorflow/commit/8933b8a21280696ab119b63263babdb54c298538

References

https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4c4g-crqm-xrxw
https://github.com/tensorflow/tensorflow/commit/537bc7c723439b9194a358f64d871dd326c18887
https://github.com/tensorflow/tensorflow/commit/4a91f2069f7145aab6ba2d8cfe41be8a110c18a5
https://github.com/tensorflow/tensorflow/commit/8933b8a21280696ab119b63263babdb54c298538