CVE-2020-15202: Improper Check for Unusual or Exceptional Conditions
(updated )
In Tensorflow, the Shard
API in TensorFlow expects the last argument to be a function taking two int64
arguments. However, there are several places in TensorFlow where a lambda taking int
or int32
arguments is being used. In these cases, if the amount of work to be parallelized is large enough, integer truncation occurs. Depending on how the two arguments of the lambda are used, this can result in segfaults, read/write outside heap allocated arrays, stack overflows, or data corruption.
References
Detect and mitigate CVE-2020-15202 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →