CVE-2021-41196 - log back

CVE-2021-41196 created at 06 Nov 2021 00:12:33
Severity
+ Medium
Remote
+ Local
Type
+ Denial of service
Description
+ In TensorFlow before version 2.6.1, the Keras pooling layers can trigger a segfault if the size of the pool is 0 or if a dimension is negative. This is due to the TensorFlow's implementation of pooling operations where the values in the sliding window are not checked to be strictly positive.
References
+ https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m539-j985-hcr8
+ https://github.com/tensorflow/tensorflow/issues/51936
+ https://github.com/tensorflow/tensorflow/commit/12b1ff82b3f26ff8de17e58703231d5a02ef1b8b
Notes