CVE-2021-41202 - log

CVE-2021-41202 created at 06 Nov 2021 00:12:34
Severity
+ Medium
Remote
+ Local
Type
+ Incorrect calculation
Description
+ In TensorFlow before version 2.6.1, while calculating the size of the output within the tf.range kernel, there is a conditional statement of type int64 = condition ? int64 : double. Due to C++ implicit conversion rules, both branches of the condition will be cast to double and the result would be truncated before the assignment. This results in overflows.
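
The conversion described above, as an added C++ example that is not TensorFlow's code: the function names `size_via_ternary` and `size_checked` are hypothetical and the input values are constructed. It shows the integer arm of a mixed conditional being rounded through double, next to a form that keeps the arms separate and range-checks before converting.

```cpp
#include <cmath>
#include <cstdint>
#include <cstdio>
#include <type_traits>

// A conditional expression has ONE result type. With an int64_t arm and a
// double arm, the usual arithmetic conversions make that type double.
static_assert(std::is_same<decltype(true ? std::int64_t{} : double{}), double>::value,
              "mixed int64_t/double conditional yields double");

// Flawed pattern: even when the integer arm is selected, its value passes
// through double (53-bit significand) before it is assigned back to int64_t.
std::int64_t size_via_ternary(bool integral, std::int64_t int_size, double fp_size) {
    std::int64_t size = integral ? int_size : std::ceil(fp_size);
    return size;
}

// Hardened pattern (hypothetical helper): separate statements per type, and a
// range check on the floating-point value before the conversion.
// Returns false when the size cannot be represented; sizes are assumed >= 0.
bool size_checked(bool integral, std::int64_t int_size, double fp_size,
                  std::int64_t* out) {
    if (integral) {
        *out = int_size;  // stays int64_t, no rounding
        return true;
    }
    const double c = std::ceil(fp_size);
    // 2^63 is exactly representable as a double; values >= 2^63 do not fit.
    const double kLimit = 9223372036854775808.0;
    if (!(c >= 0.0) || c >= kLimit) return false;  // also rejects NaN
    *out = static_cast<std::int64_t>(c);
    return true;
}

int main() {
    const std::int64_t big = 9007199254740993LL;  // 2^53 + 1, constructed input
    std::int64_t out = 0;
    std::printf("input:   %lld\n", static_cast<long long>(big));
    std::printf("ternary: %lld\n",
                static_cast<long long>(size_via_ternary(true, big, 0.0)));
    if (size_checked(true, big, 0.0, &out))
        std::printf("checked: %lld\n", static_cast<long long>(out));
    if (!size_checked(false, 0, 1e19, &out))
        std::printf("1e19 rejected: does not fit in int64_t\n");
    return 0;
}
```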
References
+ https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xrqm-fpgr-6hhx
+ https://github.com/tensorflow/tensorflow/issues/46912
+ https://github.com/tensorflow/tensorflow/issues/46889
+ https://github.com/tensorflow/tensorflow/commit/1b0e0ec27e7895b9985076eab32445026ae5ca94
+ https://github.com/tensorflow/tensorflow/commit/6d94002a09711d297dbba90390d5482b76113899
Notes