Identifier

CVE-2020-15192

Package Slug

pypi/tensorflow-gpu

Vulnerability

Improper Input Validation

Description

In Tensorflow, if a user passes a list of strings to dlpack.to_dlpack there is a memory leak following an expected validation failure. The issue occurs because the status argument during validation failures is not properly checked. Since each of the above methods can return an error status, the status value must be checked before continuing.

Affected Versions

All versions starting from 2.2.0 up to 2.3.0

Solution

Upgrade to version 2.3.1 or above.

Last Modified

2020-10-08

source