CVE-2021-41197 log

Severity Medium
Remote No
Type Incorrect calculation
A security issue has been found in TensorFlow before version 2.6.1. TensorFlow allows tensor to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an int64_t. If an overflow occurs, MultiplyWithoutOverflow would return a negative result. In the majority of TensorFlow codebase this then results in a CHECK-failure. Newer constructs exist which return a Status instead of crashing the binary. This is similar to CVE-2021-29584.
Group Package Affected Fixed Severity Status Ticket
AVG-2529 tensorflow 2.6.0-6 2.6.1-1 High Fixed