CVE-2020-15195: Improper Restriction of Operations within the Bounds of a Memory Buffer
In TensorFlow, the implementation of SparseFillEmptyRowsGrad uses a double indexing pattern. It is possible for reverse_index_map(i) to be an index outside the bounds of grad_values, thus resulting in a heap buffer overflow.
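The double indexing pattern described above, together with the bounds check it needs, as an added C example (a simplified model written for this page, not TensorFlow's source). The function name, the d_values output buffer and the sample arrays are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model of the double-indexing gather (not TensorFlow source).
 * Unchecked form, shown for contrast only:
 *     d_values[i] = grad_values[reverse_index_map[i]];
 * reverse_index_map is caller-supplied data, so each entry must be
 * validated against the length of grad_values before it is used. */

/* Returns 0 on success, or -1 and stores the offending position in *bad_pos
 * when an entry of reverse_index_map is outside [0, n_grad). */
int gather_grad_checked(const int64_t *reverse_index_map, size_t n_map,
                        const float *grad_values, size_t n_grad,
                        float *d_values, size_t *bad_pos)
{
    /* Validate everything first so d_values is never partially written. */
    for (size_t i = 0; i < n_map; i++) {
        int64_t idx = reverse_index_map[i];
        if (idx < 0 || (uint64_t)idx >= (uint64_t)n_grad) {
            if (bad_pos) *bad_pos = i;
            return -1;
        }
    }
    for (size_t i = 0; i < n_map; i++)
        d_values[i] = grad_values[(size_t)reverse_index_map[i]];
    return 0;
}

/* Constructed sample inputs (hypothetical values). */
static const float GRAD[4] = {0.5f, 1.5f, 2.5f, 3.5f};
static const int64_t MAP_OK[3] = {2, 0, 3};
static const int64_t MAP_BAD[3] = {1, 4, -1};  /* 4 == length: one past end */

int main(void)
{
    float out[3] = {0};
    size_t bad = 0;
    int rc = gather_grad_checked(MAP_OK, 3, GRAD, 4, out, &bad);
    printf("valid map: rc=%d out=[%.1f %.1f %.1f]\n", rc, out[0], out[1], out[2]);
    rc = gather_grad_checked(MAP_BAD, 3, GRAD, 4, out, &bad);
    printf("invalid map: rc=%d first bad position=%zu\n", rc, bad);
    return 0;
}
```

Validating the whole index array before the first write means a rejected input leaves the output buffer untouched, so the caller can return an error without cleaning up partial results.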