[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CVE-2021-37664 log

Source
Severity Medium
Remote No
Type Information disclosure
Description
In TensorFlow before version 2.6.0 an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to BoostedTreesSparseCalculateBestFeatureSplit. The implementation needs to validate that each value in stats_summary_indices is in range.
Group Package Affected Fixed Severity Status Ticket
AVG-2292 tensorflow 2.5.0-6 2.5.1-1 Critical Fixed
References
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-r4c4-5fpq-56wg
https://github.com/tensorflow/tensorflow/commit/e84c975313e8e8e38bb2ea118196369c45c51378