CVE-2021-41201 log

Source
Severity High
Remote No
Type Arbitrary code execution
Description
In TensorFlow before version 2.6.1 during execution, EinsumHelper::ParseEquation() is supposed to set the flags in input_has_ellipsis vector and *output_has_ellipsis boolean to indicate whether there is ellipsis in the corresponding inputs and output. However, the code only changes these flags to true and never assigns false. This results in unitialized variable access if callers assume that EinsumHelper::ParseEquation() always sets these flags.
Group Package Affected Fixed Severity Status Ticket
AVG-2529 tensorflow 2.6.0-6 2.6.1-1 High Fixed
References
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j86v-p27c-73fm
https://github.com/tensorflow/tensorflow/commit/f09caa532b6e1ac8d2aa61b7832c78c5b79300c6