Safety vulnerability ID: 57993
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Tensorflow-rocm 2.3.1 includes a fix for CVE-2020-15200: In Tensorflow before version 2.3.1, the "RaggedCountSparseOutput" implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the values in the "splits" tensor generate a valid partitioning of the "values" tensor. Thus, the code sets up conditions to cause a heap buffer overflow. A "BatchedMap" is equivalent to a vector where each element is a hashmap. However, if the first element of "splits_values" is not 0, "batch_idx" will never be 1, hence there will be no hashmap at index 0 in "per_batch_counts". Trying to access that in the user code results in a segmentation fault. The issue was patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02.
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x7rp-74x2-mjf3
Latest version: 2.14.0.600
TensorFlow is an open source machine learning framework for everyone.
This vulnerability has no description
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application