Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2021-41227 - log back

CVE-2021-41227 created at 06 Nov 2021 00:14:30

Severity

+

Medium

Remote

+

Local

Type

+	Information disclosure

Description

+

In TensorFlow before version 2.6.1, the ImmutableConst operation in TensorFlow can be tricked into reading arbitrary memory contents. This is because the tstring TensorFlow string class has a special case for memory mapped strings but the operation itself does not offer any support for this datatype.

References

+	https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j8c8-67vp-6mx7
+	https://github.com/tensorflow/tensorflow/commit/3712a2d3455e6ccb924daa5724a3652a86f6b585
+	https://github.com/tensorflow/tensorflow/commit/1cb6bb6c2a6019417c9adaf9e6843ba75ee2580b

Notes