CVE-2021-37685 log

Severity Medium
Remote No
Type Information disclosure
In TensorFlow before version 2.6.0 TFLite's contains a vulnerability which allows reading one element outside of bounds of heap allocated data. If axis is a large negative value (e.g., -100000), then after the first if it would still be negative. The check following the if statement will pass and the for loop would read one element before the start of (when i = 0).
Group Package Affected Fixed Severity Status Ticket
AVG-2292 tensorflow 2.5.0-6 2.5.1-1 Critical Fixed