Identifier

CVE-2020-15198

Package Slug

pypi/tensorflow

Vulnerability

Improper Restriction of Operations within the Bounds of a Memory Buffer

Description

In Tensorflow, the SparseCountSparseOutput implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the indices tensor has the same shape as the values one. The values in these tensors are always accessed in parallel. Thus, a shape mismatch can result in accesses outside the bounds of heap allocated buffers.

Affected Versions

All versions starting from 2.3.0 before 2.3.1

Solution

Upgrade to version 2.3.1 or above.

Last Modified

2020-10-05

source