CVE-2019-16778: Out-of-bounds Write
In TensorFlow, a heap buffer overflow in UnsortedSegmentSum can be produced when the Index template argument is int32. In this case data_size and num_segments fields are truncated from int64 to int32 and can produce negative numbers, resulting in accessing out-of-bounds heap memory.
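The truncation described above, next to a range-checked alternative, as an added example that is not TensorFlow's code. The names unchecked_narrow, checked_narrow and segment_sum are hypothetical, and the oversized value is constructed for illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <limits>
#include <vector>

// The unchecked conversion the advisory describes: an int64 value above
// INT32_MAX wraps when narrowed to a 32-bit Index and can come out negative.
template <typename Index>
Index unchecked_narrow(int64_t v) { return static_cast<Index>(v); }

// Checked conversion: succeeds only when v is non-negative and fits in Index.
template <typename Index>
bool checked_narrow(int64_t v, Index* out) {
  if (v < 0 || v > static_cast<int64_t>(std::numeric_limits<Index>::max()))
    return false;
  *out = static_cast<Index>(v);
  return true;
}

// Hypothetical segment sum (not TensorFlow's kernel): out[ids[i]] += data[i].
// Sizes are validated before narrowing and every id is bounds-checked.
template <typename Index>
bool segment_sum(const std::vector<float>& data, const std::vector<Index>& ids,
                 int64_t num_segments, std::vector<float>* out) {
  Index n = 0, size = 0;
  if (!checked_narrow<Index>(num_segments, &n)) return false;
  if (!checked_narrow<Index>(static_cast<int64_t>(data.size()), &size)) return false;
  if (ids.size() != data.size()) return false;
  out->assign(static_cast<size_t>(n), 0.0f);
  for (Index i = 0; i < size; ++i) {
    if (ids[i] < 0 || ids[i] >= n) return false;  // id outside [0, n)
    (*out)[ids[i]] += data[i];
  }
  return true;
}

int main() {
  const int64_t big = 3000000000LL;  // constructed value above INT32_MAX
  std::printf("unchecked: %d\n", unchecked_narrow<int32_t>(big));
  std::vector<float> out;
  bool ok = segment_sum<int32_t>({1.0f}, {0}, big, &out);
  std::printf("checked segment_sum accepted: %s\n", ok ? "yes" : "no");
  return 0;
}
```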