Identifier

CVE-2020-15201

Package Slug

pypi/tensorflow

Vulnerability

Improper Input Validation

Description

In Tensorflow, the RaggedCountSparseOutput implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the values in the splits tensor generate a valid partitioning of the values tensor. Hence, the code is prone to heap buffer overflow. If split_values does not end with a value at least num_values then the while loop condition will trigger a read outside the bounds of split_values once batch_idx grows too large.

Affected Versions

Version 2.3.0

Solution

Upgrade to version 2.3.1 or above.

Last Modified

2020-10-05

source