Identifier

CVE-2020-15206

Package Slug

pypi/tensorflow-cpu

Vulnerability

Improper Input Validation

Description

In Tensorflow, changing the TensorFlow's SavedModel protocol buffer and altering the name of required keys results in segfaults and data corruption while loading the model. This can cause a denial of service in products using tensorflow-serving or other inference-as-a-service installments.

Affected Versions

All versions before 1.15.4, all versions starting from 2.0.0 before 2.0.3, all versions starting from 2.1.0 before 2.1.2, all versions starting from 2.2.0 before 2.2.1, all versions starting from 2.3.0 before 2.3.1

Solution

Upgrade to versions 2.1.2, 2.2.1, 2.3.1 or above.

Last Modified

2020-10-05

source