Identifier

CVE-2020-15203

Package Slug

pypi/tensorflow-gpu

Vulnerability

Improper Input Validation

Description

In Tensorflow, by controlling the fill argument of tf.strings.as_string, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a printf call is constructed. This may result in segmentation fault.

Affected Versions

All versions before 1.15.4, all versions starting from 2.0.0 before 2.0.3, all versions starting from 2.1.0 before 2.1.2, all versions starting from 2.2.0 before 2.2.1, all versions starting from 2.3.0 before 2.3.1

Solution

Upgrade to versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, 2.3.1 or above.

Last Modified

2020-10-05

source