|Package Slug|| |
Improper Restriction of Operations within the Bounds of a Memory Buffer
In TensorFlow Lite, models using segment sum can trigger a denial of service by causing an out of memory allocation in the implementation of segment sum. Since code uses the last element of the tensor holding them to determine the dimensionality of output tensor, attackers can use a very large value to trigger a large allocation.
|Affected Versions|| |
All versions starting from 2.2.0 before 2.2.1, all versions starting from 2.3.0 before 2.3.1
Upgrade to versions 2.2.1, 2.3.1 or above.
|Last Modified|| |