Identifier

CVE-2020-15195

Package Slug

pypi/tensorflow

Vulnerability

Improper Restriction of Operations within the Bounds of a Memory Buffer

Description

In TensorFlow, the implementation of SparseFillEmptyRowsGrad uses a double indexing pattern. It is possible for reverse_index_map(i) to be an index outside the bounds of grad_values, resulting in a heap buffer overflow.
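
The double indexing pattern described above, shown as an added C++ example that is not TensorFlow's own code: a simplified gather over std::vector, with the unchecked lookup beside a bounds-checked one. The function names gather_unchecked and gather_checked and the variable n_full are hypothetical, and the sample values are constructed.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// Simplified model of the double indexing: output element i is
// grad_values[reverse_index_map[i]], so the inner lookup produces an index
// that is caller-supplied data rather than a bounded loop counter.

// Unchecked form: an out-of-range entry in reverse_index_map reads outside
// the heap allocation behind grad_values (undefined behaviour).
std::vector<float> gather_unchecked(const std::vector<int64_t>& reverse_index_map,
                                    const std::vector<float>& grad_values) {
  std::vector<float> d_values(reverse_index_map.size());
  for (size_t i = 0; i < reverse_index_map.size(); ++i)
    d_values[i] = grad_values[static_cast<size_t>(reverse_index_map[i])];
  return d_values;
}

// Checked form: validate every inner index against the size of grad_values
// before it is used, and reject the whole input on the first violation.
bool gather_checked(const std::vector<int64_t>& reverse_index_map,
                    const std::vector<float>& grad_values,
                    std::vector<float>* d_values) {
  const int64_t n_full = static_cast<int64_t>(grad_values.size());
  d_values->assign(reverse_index_map.size(), 0.0f);
  for (size_t i = 0; i < reverse_index_map.size(); ++i) {
    const int64_t idx = reverse_index_map[i];
    if (idx < 0 || idx >= n_full) { d_values->clear(); return false; }
    (*d_values)[i] = grad_values[static_cast<size_t>(idx)];
  }
  return true;
}

int main() {
  const std::vector<float> grad_values = {0.5f, 1.5f, 2.5f};  // constructed
  const std::vector<int64_t> good = {2, 0};
  const std::vector<int64_t> bad = {1, 7};  // 7 is outside [0, 3)
  std::vector<float> out;
  std::printf("good accepted: %d\n", gather_checked(good, grad_values, &out));
  std::printf("bad accepted:  %d\n", gather_checked(bad, grad_values, &out));
  return 0;
}
```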

Affected Versions

All versions before 1.15.4, all versions starting from 2.0.0 before 2.0.3, all versions starting from 2.1.0 before 2.1.2, all versions starting from 2.2.0 before 2.2.1, all versions starting from 2.3.0 before 2.3.1

Solution

Upgrade to versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, 2.3.1 or above.

Last Modified

2020-10-05
