CVE-2021-37664: Out-of-bounds Read
TensorFlow is an end-to-end open source platform for machine learning. An attacker can read outside the bounds of heap-allocated data by sending specially crafted illegal arguments to BoostedTreesSparseCalculateBestFeatureSplit. The implementation needs to validate that each value in stats_summary_indices is in range.
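
The kind of range check the advisory calls for, as an added example that is not TensorFlow's code or its patch: GatherStats is a hypothetical helper, and the row-major [N, 4] layout of (node id, feature dimension, bucket id, stats dimension) coordinates is an assumption. Each coordinate is checked against its own dimension before any heap read, because a check on the flattened offset alone would accept an out-of-range bucket id that aliases another cell.

```cpp
#include <array>
#include <cstdint>
#include <string>
#include <vector>

// Hypothetical helper (not TensorFlow code). Reads dense[coordinate] for each
// row of `indices`, a row-major [N, 4] array assumed to hold
// (node_id, feature_dim, bucket_id, stats_dim). `shape` is the dense shape.
bool GatherStats(const std::vector<float>& dense,
                 const std::array<int64_t, 4>& shape,
                 const std::vector<int64_t>& indices,
                 std::vector<float>* out, std::string* err) {
  if (indices.size() % 4 != 0) {
    *err = "indices must have 4 columns per row";
    return false;
  }
  // The claimed shape must describe the buffer that was actually allocated.
  int64_t total = 1;
  for (int64_t dim : shape) {
    if (dim <= 0 || total > (int64_t{1} << 24) / dim) {  // constructed size cap
      *err = "invalid or too large dense shape";
      return false;
    }
    total *= dim;
  }
  if (static_cast<size_t>(total) != dense.size()) {
    *err = "shape does not match buffer size";
    return false;
  }
  out->clear();
  for (size_t row = 0; row < indices.size() / 4; ++row) {
    int64_t offset = 0;
    for (size_t col = 0; col < 4; ++col) {
      const int64_t v = indices[row * 4 + col];
      // Per-dimension check: rejects negatives and values >= the dimension.
      if (v < 0 || v >= shape[col]) {
        *err = "row " + std::to_string(row) + ", column " +
               std::to_string(col) + ": index " + std::to_string(v) +
               " outside [0, " + std::to_string(shape[col]) + ")";
        out->clear();
        return false;
      }
      offset = offset * shape[col] + v;
    }
    out->push_back(dense[static_cast<size_t>(offset)]);
  }
  return true;
}
```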