CVE-2020-15190: Segfault in Tensorflow
(updated )
The tf.raw_ops.Switch operation takes as input a tensor and a boolean and outputs two tensors. Depending on the boolean value, one of the tensors is exactly the input tensor whereas the other one should be an empty tensor.
References
- github.com/advisories/GHSA-4g9f-63rx-5cw4
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2020-270.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2020-305.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2020-113.yaml
- github.com/tensorflow/tensorflow
- github.com/tensorflow/tensorflow/commit/da8558533d925694483d2c136a9220d6d49d843c
- github.com/tensorflow/tensorflow/releases/tag/v2.3.1
- github.com/tensorflow/tensorflow/security/advisories/GHSA-4g9f-63rx-5cw4
- nvd.nist.gov/vuln/detail/CVE-2020-15190
Detect and mitigate CVE-2020-15190 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →