CVE-2020-15191: Improper Input Validation
(updated )
In Tensorflow, if a user passes an invalid argument to dlpack.to_dlpack
the expected validations will cause variables to bind to nullptr
while setting a status
variable to the error condition. However, this status
argument is not properly checked. Hence, code following these methods will bind references to null pointers. This is undefined behavior and reported as an error if compiling with -fsanitize=null
.
References
Detect and mitigate CVE-2020-15191 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →