Identifier

CVE-2020-15199

Package Slug

pypi/tensorflow-cpu

Vulnerability

Improper Input Validation

Description

In Tensorflow, the RaggedCountSparseOutput does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the splits tensor has the minimum required number of elements. Code uses this quantity to initialize a different data structure. Since BatchedMap is equivalent to a vector, it needs to have at least one element to not be nullptr. If user passes a splits tensor that is empty or has exactly one element, we get a SIGABRT signal raised by the operating system.

Affected Versions

Version 2.3.0

Solution

Upgrade to version 2.3.1 or above.

Last Modified

2020-10-05

source