Identifier

CVE-2020-15214

Package Slug

pypi/tensorflow

Vulnerability

Out-of-bounds Write

Description

In TensorFlow Lite, models using segment sum can trigger a segmentation fault if the segment ids are not sorted. Code assumes that the segment ids are in increasing order, using the last element of the tensor holding them to determine the dimensionality of output tensor. This results in allocating insufficient memory for the output tensor and in an out-of-bounds-write to the output array.

Affected Versions

All versions starting from 2.2.0 before 2.2.1, all versions starting from 2.3.0 before 2.3.1

Solution

Upgrade to versions 2.2.1, 2.3.1 or above.

Last Modified

2020-10-05

source