CVE-2021-37687 - log

CVE-2021-37687 created at 13 Aug 2021 07:57:56
Severity
+ Medium
Remote
+ Local
Type
+ Denial of service
Description
+ In TensorFlow before version 2.6.0 TFLite's GatherNd implementation does not support negative indices but there are no checks for this situation. Hence, an attacker can read arbitrary data from the heap by carefully crafting a model with negative values in indices. Similar issue exists in Gather implementation.
References
+ https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jwf9-w5xm-f437
+ https://github.com/tensorflow/tensorflow/commit/eb921122119a6b6e470ee98b89e65d721663179d
+ https://github.com/tensorflow/tensorflow/commit/bb6a0383ed553c286f87ca88c207f6774d5c4a8f
Notes