pysec-2020-121
Vulnerability from pysec
Published
2020-09-25 19:15
Modified
2021-09-01 08:19
Details
In Tensorflow before version 2.3.1, the SparseCountSparseOutput
implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the indices
tensor has the same shape as the values
one. The values in these tensors are always accessed in parallel. Thus, a shape mismatch can result in accesses outside the bounds of heap allocated buffers. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1.
Aliases
{ "affected": [ { "package": { "ecosystem": "PyPI", "name": "tensorflow", "purl": "pkg:pypi/tensorflow" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "3cbb917b4714766030b28eba9fb41bb97ce9ee02" } ], "repo": "https://github.com/tensorflow/tensorflow", "type": "GIT" }, { "events": [ { "introduced": "0" }, { "fixed": "2.3.1" } ], "type": "ECOSYSTEM" } ], "versions": [ "0.12.0rc0", "0.12.0rc1", "0.12.0", "0.12.1", "1.0.0", "1.0.1", "1.1.0rc0", "1.1.0rc1", "1.1.0rc2", "1.1.0", "1.2.0rc0", "1.2.0rc1", "1.2.0rc2", "1.2.0", "1.2.1", "1.3.0rc0", "1.3.0rc1", "1.3.0rc2", "1.3.0", "1.4.0rc0", "1.4.0rc1", "1.4.0", "1.4.1", "1.5.0rc0", "1.5.0rc1", "1.5.0", "1.5.1", "1.6.0rc0", "1.6.0rc1", "1.6.0", "1.7.0rc0", "1.7.0rc1", "1.7.0", "1.7.1", "1.8.0rc0", "1.8.0rc1", "1.8.0", "1.9.0rc0", "1.9.0rc1", "1.9.0rc2", "1.9.0", "1.10.0rc0", "1.10.0rc1", "1.10.0", "1.10.1", "1.11.0rc0", "1.11.0rc1", "1.11.0rc2", "1.11.0", "1.12.0rc0", "1.12.0rc1", "1.12.0rc2", "1.12.0", "1.12.2", "1.12.3", "1.13.0rc0", "1.13.0rc1", "1.13.0rc2", "1.13.1", "1.13.2", "1.14.0rc0", "1.14.0rc1", "1.14.0", "1.15.0rc0", "1.15.0rc1", "1.15.0rc2", "1.15.0rc3", "1.15.0", "1.15.2", "1.15.3", "1.15.4", "1.15.5", "2.0.0a0", "2.0.0b0", "2.0.0b1", "2.0.0rc0", "2.0.0rc1", "2.0.0rc2", "2.0.0", "2.0.1", "2.0.2", "2.0.3", "2.0.4", "2.1.0rc0", "2.1.0rc1", "2.1.0rc2", "2.1.0", "2.1.1", "2.1.2", "2.1.3", "2.2.0rc0", "2.2.0rc1", "2.2.0rc2", "2.2.0rc3", "2.2.0rc4", "2.2.0", "2.2.1", "2.2.2", "2.3.0rc0", "2.3.0rc1", "2.3.0rc2", "2.3.0", "2.1.4", "2.2.3" ] } ], "aliases": [ "CVE-2020-15198", "GHSA-jc87-6vpp-7ff3" ], "details": "In Tensorflow before version 2.3.1, the `SparseCountSparseOutput` implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the `indices` tensor has the same shape as the `values` one. The values in these tensors are always accessed in parallel. Thus, a shape mismatch can result in accesses outside the bounds of heap allocated buffers. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1.", "id": "PYSEC-2020-121", "modified": "2021-09-01T08:19:33.154302Z", "published": "2020-09-25T19:15:00Z", "references": [ { "type": "WEB", "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1" }, { "type": "FIX", "url": "https://github.com/tensorflow/tensorflow/commit/3cbb917b4714766030b28eba9fb41bb97ce9ee02" }, { "type": "ADVISORY", "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jc87-6vpp-7ff3" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.