Identifier

CVE-2020-15202

Package Slug

pypi/tensorflow

Vulnerability

Improper Check for Unusual or Exceptional Conditions

Description

In Tensorflow, the Shard API in TensorFlow expects the last argument to be a function taking two int64 arguments. However, there are several places in TensorFlow where a lambda taking int or int32 arguments is being used. In these cases, if the amount of work to be parallelized is large enough, integer truncation occurs. Depending on how the two arguments of the lambda are used, this can result in segfaults, read/write outside heap allocated arrays, stack overflows, or data corruption.

Affected Versions

All versions before 1.15.4, all versions starting from 2.0.0 before 2.0.3, all versions starting from 2.1.0 before 2.1.2, all versions starting from 2.2.0 before 2.2.1, all versions starting from 2.3.0 before 2.3.1

Solution

Upgrade to versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, 2.3.1 or above.

Last Modified

2020-10-05

source