CVE-2021-37685 - log

CVE-2021-37685 created at 13 Aug 2021 07:57:56
Severity
+ Medium
Remote
+ Local
Type
+ Information disclosure
Description
+ In TensorFlow before version 2.6.0, TFLite's expand_dims.cc contains a vulnerability that allows reading one element outside the bounds of heap-allocated data. If axis is a large negative value (e.g., -100000), it is still negative after the first if. The check following the if statement then passes, and the for loop reads one element before the start of input_dims.data (when i = 0).
References
+ https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c545-c4f9-rf6v
+ https://github.com/tensorflow/tensorflow/commit/d94ffe08a65400f898241c0374e9edc6fa8ed257
Notes
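
The bounds problem from the Description field, as an added C example (not TensorFlow's source and not part of this tracker entry; the function names, the rank-3 sample shape and the form of the hardened check are assumptions of this illustration). It computes which input index the copy loop would use without dereferencing it, next to a version that rejects any axis outside [0, rank].

```c
#include <stdio.h>

/* Added illustration: function names are hypothetical, not TensorFlow's. */

/* Map a possibly negative axis onto [0, rank]; a large negative value
 * stays negative after this adjustment. */
static int normalize_axis(int axis, int rank) {
    return axis < 0 ? rank + 1 + axis : axis;
}

/* Upper bound only: the check the description says still passes. */
int axis_ok_upper_only(int axis, int rank) {
    return normalize_axis(axis, rank) <= rank;
}

/* Lowest input index the copy loop would use, computed without
 * dereferencing anything. -1 means one element before the array. */
int min_source_index(int axis, int rank) {
    int a = normalize_axis(axis, rank), lowest = 0;
    for (int i = 0; i <= rank; ++i) {
        if (i == a) continue;              /* inserted dim: no read */
        int src = (i < a) ? i : i - 1;
        if (src < lowest) lowest = src;
    }
    return lowest;
}

/* Hardened form: reject unless 0 <= axis <= rank, then copy.
 * `out` must hold rank + 1 ints. Returns 0 on success, -1 on rejection. */
int expand_dims(const int *in, int rank, int axis, int *out) {
    int a = normalize_axis(axis, rank);
    if (a < 0 || a > rank) return -1;
    for (int i = 0; i <= rank; ++i)
        out[i] = (i < a) ? in[i] : (i == a) ? 1 : in[i - 1];
    return 0;
}

int main(void) {
    int in[3] = {2, 3, 4}, out[4];         /* constructed sample shape */
    int axes[] = {-1, 0, 3, -100000};
    for (int k = 0; k < 4; ++k) {
        int ax = axes[k];
        printf("axis=%d upper_only=%d min_src=%d hardened=%d\n", ax,
               axis_ok_upper_only(ax, 3), min_source_index(ax, 3),
               expand_dims(in, 3, ax, out));
    }
    return 0;
}
```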