CVE-2020-15196: Improper Restriction of Operations within the Bounds of a Memory Buffer
In TensorFlow, the SparseCountSparseOutput and RaggedCountSparseOutput implementations don't validate that the weights tensor has the same shape as the data. The check exists for DenseCountSparseOutput, where both tensors are fully specified. In the sparse and ragged count implementations, weights are still accessed in parallel with the data. But, since there is no validation, a user passing fewer weights than the values for the tensors can generate a read from outside the bounds of the heap buffer allocated for the weights.
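As an added illustration (not TensorFlow's own kernel code), the following simplified C++ model of a sparse count-with-weights kernel performs the validation the advisory describes as missing: weights are consumed in lockstep with the values, so their element count must match before any index is used. The row/values/weights layout, the `RowCounts` type and the function name are assumptions made for this example.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <map>
#include <vector>

// Per-row result: row index -> (value -> weighted count).
using RowCounts = std::map<std::int64_t, std::map<std::int64_t, double>>;

// Simplified model of a sparse "count with weights" kernel. Each element
// of `values` belongs to the row `rows[i]` (the first column of the sparse
// indices) and is paired with `weights[i]`. An empty `weights` vector means
// an unweighted count. Returns false (and leaves *out untouched) on
// malformed input instead of indexing `weights` past its end.
bool SparseCountWithWeights(const std::vector<std::int64_t>& rows,
                            const std::vector<std::int64_t>& values,
                            const std::vector<double>& weights,
                            RowCounts* out) {
  // indices and values are always checked against each other
  if (rows.size() != values.size()) return false;

  // This is the check the advisory reports as missing for the sparse and
  // ragged variants: weights are read in parallel with values, so they must
  // have exactly as many elements (or be absent). Without it, weights[i]
  // for i >= weights.size() is a heap out-of-bounds read.
  const bool weighted = !weights.empty();
  if (weighted && weights.size() != values.size()) return false;

  out->clear();
  for (std::size_t i = 0; i < values.size(); ++i) {
    (*out)[rows[i]][values[i]] += weighted ? weights[i] : 1.0;
  }
  return true;
}

int main() {
  // Constructed sample: 4 values but only 2 weights, the shape mismatch
  // the advisory describes. The hardened kernel rejects it up front.
  RowCounts counts;
  bool ok = SparseCountWithWeights({0, 0, 1, 1}, {7, 7, 7, 9},
                                   {1.0, 0.5}, &counts);
  std::cout << (ok ? "accepted" : "rejected: weights/values shape mismatch")
            << "\n";
  return 0;
}
```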