CVE-2021-37682 - log

CVE-2021-37682 created at 13 Aug 2021 07:57:57
Severity
+ Medium
Remote
+ Local
Type
+ Denial of service
Description
+ In TensorFlow before version 2.6.0, all TFLite operations that use quantization can be made to use uninitialized values. For example. The issue stems from the fact that quantization.params is only valid if quantization.type is different from kTfLiteNoQuantization. However, these checks are missing in large parts of the code.
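The check the description says is missing, as an added example that is not TensorFlow's code or part of the original entry. The structs are simplified stand-ins for the tensor fields named above, and AffineParams, get_affine_params and dequantize are hypothetical names.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins (assumption), not the TensorFlow headers. */
typedef enum { kTfLiteNoQuantization = 0, kTfLiteAffineQuantization = 1 } QuantType;

typedef struct { float scale; int zero_point; } AffineParams; /* hypothetical */

typedef struct {
    QuantType type;
    void *params;   /* only valid when type != kTfLiteNoQuantization */
} Quantization;

typedef struct { Quantization quantization; } Tensor;

/* Returns 0 and fills *out only when params is valid to read; returns -1
   otherwise so the caller fails the op instead of using garbage. */
int get_affine_params(const Tensor *t, AffineParams *out)
{
    if (t == NULL || out == NULL)
        return -1;
    if (t->quantization.type != kTfLiteAffineQuantization)
        return -1;  /* includes kTfLiteNoQuantization: do not touch params */
    if (t->quantization.params == NULL)
        return -1;
    *out = *(const AffineParams *)t->quantization.params;
    return 0;
}

/* Dequantize one value, refusing tensors whose params are not valid. */
int dequantize(const Tensor *t, int q, float *result)
{
    AffineParams p;
    if (get_affine_params(t, &p) != 0)
        return -1;
    *result = p.scale * (float)(q - p.zero_point);
    return 0;
}

int main(void)
{
    AffineParams ap = { 0.5f, 10 };
    int stale = 7;  /* constructed: leftover memory that is not quantization params */
    Tensor quantized = { { kTfLiteAffineQuantization, &ap } };
    Tensor unquantized = { { kTfLiteNoQuantization, &stale } };
    float v = 0.0f;
    printf("quantized rc=%d\n", dequantize(&quantized, 14, &v));
    printf("unquantized rc=%d\n", dequantize(&unquantized, 14, &v));
    return 0;
}
```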
References
+ https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4c4g-crqm-xrxw
+ https://github.com/tensorflow/tensorflow/commit/537bc7c723439b9194a358f64d871dd326c18887
+ https://github.com/tensorflow/tensorflow/commit/4a91f2069f7145aab6ba2d8cfe41be8a110c18a5
+ https://github.com/tensorflow/tensorflow/commit/8933b8a21280696ab119b63263babdb54c298538
Notes