Identifier

CVE-2020-15213

Package Slug

pypi/tensorflow-gpu

Vulnerability

Improper Restriction of Operations within the Bounds of a Memory Buffer

Description

In TensorFlow Lite, models using segment sum can trigger a denial of service by causing an out of memory allocation in the implementation of segment sum. Since code uses the last element of the tensor holding them to determine the dimensionality of output tensor, attackers can use a very large value to trigger a large allocation.

Affected Versions

All versions starting from 2.2.0 before 2.2.1, all versions starting from 2.3.0 before 2.3.1

Solution

Upgrade to versions 2.2.1, 2.3.1 or above.

Last Modified

2020-10-05

source