Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2021-37686 - log back

CVE-2021-37686 created at 13 Aug 2021 07:57:56

Severity

+

High

Remote

+

Local

Type

+	Denial of service

Description

+

In TensorFlow before version 2.6.0 the strided slice implementation in TFLite has a logic bug which can allow an attacker to trigger an infinite loop. This arises from newly introduced support for ellipsis in axis definition. An attacker can craft a model such that ellipsis_end_idx is smaller than i (e.g., always negative). In this case, the inner loop does not increase i and the continue statement causes execution to skip over the preincrement at the end of the outer loop.

References

+	https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mhhc-q96p-mfm9
+	https://github.com/tensorflow/tensorflow/commit/dfa22b348b70bb89d6d6ec0ff53973bacb4f4695

Notes