CVE-2021-41203

CVE-2021-41203 created at 06 Nov 2021 00:12:34
Severity
+ High
Remote
+ Local
Type
+ Arbitrary code execution
Description
+ In TensorFlow before version 2.6.1, an attacker can trigger undefined behavior, integer overflows, segfaults and CHECK-fail crashes if they can change saved checkpoints from outside of TensorFlow. This is because the checkpoints loading infrastructure is missing validation for invalid file formats.
References
+ https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7pxj-m4jf-r6h2
+ https://github.com/tensorflow/tensorflow/commit/368af875869a204b4ac552b9ddda59f6a46a56ec
+ https://github.com/tensorflow/tensorflow/commit/abcced051cb1bd8fb05046ac3b6023a7ebcc4578
+ https://github.com/tensorflow/tensorflow/commit/e8dc63704c88007ee4713076605c90188d66f3d2
+ https://github.com/tensorflow/tensorflow/commit/b619c6f865715ca3b15ef1842b5b95edbaa710ad
Notes