[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CVE-2021-41211 log

Source
Severity High
Remote No
Type Information disclosure
Description
In TensorFlow before version 2.6.1, the shape inference code for QuantizeV2 can trigger a read outside of bounds of heap allocated array. This occurs whenever axis is a negative value less than -1. In this case, we are accessing data before the start of a heap buffer. The code allows axis to be an optional argument (s would contain an error::NOT_FOUND error code). Otherwise, it assumes that axis is a valid index into the dimensions of the input tensor. If axis is less than -1 then this results in a heap OOB read.
Group Package Affected Fixed Severity Status Ticket
AVG-2529 tensorflow 2.6.0-6 2.6.1-1 High Fixed
References
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cvgx-3v3q-m36c
https://github.com/tensorflow/tensorflow/commit/a0d64445116c43cf46a5666bd4eee28e7a82f244