FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

py-tflite -- denial of service vulnerability

Affected packages
py310-tflite < 2.3.4
2.4.0 <= py310-tflite < 2.4.3
2.5.0 <= py310-tflite < 2.5.1
py311-tflite < 2.3.4
2.4.0 <= py311-tflite < 2.4.3
2.5.0 <= py311-tflite < 2.5.1
py37-tflite < 2.3.4
2.4.0 <= py37-tflite < 2.4.3
2.5.0 <= py37-tflite < 2.5.1
py38-tflite < 2.3.4
2.4.0 <= py38-tflite < 2.4.3
2.5.0 <= py38-tflite < 2.5.1
py39-tflite < 2.3.4
2.4.0 <= py39-tflite < 2.4.3
2.5.0 <= py39-tflite < 2.5.1

Details

VuXML ID d82bcd2b-5cd6-421c-8179-b3ff0231029f
Discovery 2021-08-25
Entry 2023-04-09

Yakun Zhang of Baidu Security reports:

An attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service

[source]

References

CVE Name CVE-2021-37689
URL https://osv.dev/vulnerability/GHSA-wf5p-c75w-w3wh

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.