---

CVE-2021-41206 - log back

CVE-2021-41206 created at 06 Nov 2021 00:12:34
Severity	+ High
Remote	+ Local
Type	+ Arbitrary code execution
Description	+ In TensorFlow before version 2.6.1, several TensorFlow operations are missing validation for the shapes of the tensor arguments involved in the call. Depending on the API, this can result in undefined behavior and segfault or CHECK-fail related crashes but in some scenarios writes and reads from heap populated arrays are also possible.
References	+ https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pgcq-h79j-2f69 + https://github.com/tensorflow/tensorflow/commit/68422b215e618df5ad375bcdc6d2052e9fd3080a + https://github.com/tensorflow/tensorflow/commit/4d74d8a00b07441cba090a02e0dd9ed385145bf4 + https://github.com/tensorflow/tensorflow/commit/579261dcd446385831fe4f7457d802a59685121d + https://github.com/tensorflow/tensorflow/commit/e7f497570abb6b4ae5af4970620cd880e4c0c904 + https://github.com/tensorflow/tensorflow/commit/da4aad5946be30e5f049920fa076e1f7ef021261 + https://github.com/tensorflow/tensorflow/commit/4dddb2fd0b01cdd196101afbba6518658a2c9e07
Notes