CVE-2020-15198: Improper Restriction of Operations within the Bounds of a Memory Buffer
(updated )
In Tensorflow, the SparseCountSparseOutput
implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the indices
tensor has the same shape as the values
one. The values in these tensors are always accessed in parallel. Thus, a shape mismatch can result in accesses outside the bounds of heap allocated buffers.
References
Detect and mitigate CVE-2020-15198 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →