[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CVE-2021-29586 log

Source
Severity Low
Remote No
Type Denial of service
Description
A security issue has been found in TensorFlow before version 2.4.2. Optimized pooling implementations in TFLite fail to check that the stride arguments are not 0 before calling `ComputePaddingHeightWidth`(https://github.com/tensorflow/tensorflow/blob/3f24ccd932546416ec906a02ddd183b48a1d2c83/tensorflow/lite/kernels/pooling.cc#L90). Since users can craft special models which will have `params->stride_{height,width}` be zero, this will result in a division by zero.
Group Package Affected Fixed Severity Status Ticket
AVG-1962 tensorflow 2.4.1-10 2.5.0-1 Critical Fixed
References
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-26j7-6w8w-7922
https://github.com/tensorflow/tensorflow/commit/5f7975d09eac0f10ed8a17dbb6f5964977725adc