In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the values in the `splits` tensor generate a valid partitioning of the `values` tensor. Hence, the code is prone to heap buffer overflow. If `split_values` does not end with a value at least `num_values` then the `while` loop condition will trigger a read outside of the bounds of `split_values` once `batch_idx` grows too large. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1.
References
Link | Resource |
---|---|
https://github.com/tensorflow/tensorflow/commit/3cbb917b4714766030b28eba9fb41bb97ce9ee02 | Patch Third Party Advisory |
https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1 | Third Party Advisory |
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-p5f8-gfw5-33w4 | Exploit Third Party Advisory |
https://github.com/tensorflow/tensorflow/commit/3cbb917b4714766030b28eba9fb41bb97ce9ee02 | Patch Third Party Advisory |
https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1 | Third Party Advisory |
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-p5f8-gfw5-33w4 | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 05:05
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/tensorflow/tensorflow/commit/3cbb917b4714766030b28eba9fb41bb97ce9ee02 - Patch, Third Party Advisory | |
References | () https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1 - Third Party Advisory | |
References | () https://github.com/tensorflow/tensorflow/security/advisories/GHSA-p5f8-gfw5-33w4 - Exploit, Third Party Advisory |
Information
Published : 2020-09-25 19:15
Updated : 2024-11-21 05:05
NVD link : CVE-2020-15201
Mitre link : CVE-2020-15201
CVE.ORG link : CVE-2020-15201
JSON object : View
Products Affected
- tensorflow