Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2021-37687 - log back

CVE-2021-37687 created at 13 Aug 2021 07:57:56

Severity

+

Medium

Remote

+

Local

Type

+	Denial of service

Description

+

In TensorFlow before version 2.6.0 TFLite's GatherNd implementation does not support negative indices but there are no checks for this situation. Hence, an attacker can read arbitrary data from the heap by carefully crafting a model with negative values in indices. Similar issue exists in Gather implementation.

References

+	https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jwf9-w5xm-f437
+	https://github.com/tensorflow/tensorflow/commit/eb921122119a6b6e470ee98b89e65d721663179d
+	https://github.com/tensorflow/tensorflow/commit/bb6a0383ed553c286f87ca88c207f6774d5c4a8f

Notes