Identifier

CVE-2020-15200

Package Slug

pypi/tensorflow-gpu

Vulnerability

Improper Input Validation

Description

In Tensorflow, the RaggedCountSparseOutput implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the values in the splits tensor generate a valid partitioning of the values tensor. Thus, the code sets up conditions to cause a heap buffer overflow. A BatchedMap is equivalent to a vector where each element is a hashmap. However, if the first element of splits_values is not 0, batch_idx will never be 1, hence there will be no hashmap at index 0 in per_batch_counts. Trying to access that in the user code results in a segmentation fault.

Affected Versions

Version 2.3.0

Solution

Upgrade to version 2.3.1 or above.

Last Modified

2020-10-05

source