CVE-2020-15203: Improper Input Validation
(updated )
In Tensorflow, by controlling the fill
argument of tf.strings.as_string
, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a printf
call is constructed. This may result in segmentation fault.
References
Detect and mitigate CVE-2020-15203 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →