CVE-2021-41202

Source
Severity Medium
Remote No
Type Incorrect calculation
Description
In TensorFlow before version 2.6.1, while calculating the size of the output within the tf.range kernel, there is a conditional statement of type int64 = condition ? int64 : double. Due to C++ implicit conversion rules, both branches of the condition will be cast to double and the result would be truncated before the assignment. This results in overflows.
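The conversion rule described above, as an added example that is not TensorFlow's code: the function names and the sample input are hypothetical, and the split form is one way to keep the integer path out of double.

```cpp
#include <cmath>
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <type_traits>

// A conditional expression has one result type: int64_t and double operands
// are brought to double by the usual arithmetic conversions.
static_assert(std::is_same<decltype(true ? int64_t{0} : 0.0), double>::value,
              "int64/double ternary yields double");

// Shape from the description: int64 = condition ? int64 : double.
template <typename T>
int64_t range_size_ternary(T start, T limit, T delta) {
  int64_t size = std::is_integral<T>::value
      ? (std::abs(limit - start) + std::abs(delta) - 1) / std::abs(delta)
      : std::ceil(std::abs((limit - start) / delta));
  return size;  // integral T: value went int64 -> double -> int64
}

// Separate statements: no common type, the integer path stays in integers.
template <typename T>
int64_t range_size_split(T start, T limit, T delta) {
  if (std::is_integral<T>::value) {
    return static_cast<int64_t>(
        (std::abs(limit - start) + std::abs(delta) - 1) / std::abs(delta));
  }
  return static_cast<int64_t>(std::ceil(std::abs((limit - start) / delta)));
}

// True when v is unchanged by a round trip through double. At the top of the
// int64 range the double rounds up to 2^63, which int64 cannot hold.
bool survives_double(int64_t v) {
  const double d = static_cast<double>(v);
  return d < 9223372036854775808.0 && static_cast<int64_t>(d) == v;
}

int main() {
  const int64_t big = (int64_t{1} << 53) + 1;  // constructed sample input
  std::printf("ternary: %lld\n",
              (long long)range_size_ternary<int64_t>(0, big, 1));
  std::printf("split:   %lld\n",
              (long long)range_size_split<int64_t>(0, big, 1));
  return 0;
}
```

A size that does not survive the round trip is silently wrong by the time it reaches the allocation, so a caller that must accept such ranges can gate on `survives_double` or use the split form.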
Group     Package     Affected  Fixed    Severity  Status  Ticket
AVG-2529  tensorflow  2.6.0-6   2.6.1-1  High      Fixed
References
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xrqm-fpgr-6hhx
https://github.com/tensorflow/tensorflow/issues/46912
https://github.com/tensorflow/tensorflow/issues/46889
https://github.com/tensorflow/tensorflow/commit/1b0e0ec27e7895b9985076eab32445026ae5ca94
https://github.com/tensorflow/tensorflow/commit/6d94002a09711d297dbba90390d5482b76113899