BIT-tensorflow-2020-15192
See a problem?- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/tensorflow/BIT-tensorflow-2020-15192.json
- JSON Data
- https://api.osv.dev/v1/vulns/BIT-tensorflow-2020-15192
- Aliases
- Published
- 2024-03-06T11:20:49.978Z
- Modified
- 2024-03-06T11:25:28.861Z
- Summary
- [none]
- Details
-
In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes a list of strings to
dlpack.to_dlpackthere is a memory leak following an expected validation failure. The issue occurs because thestatusargument during validation failures is not properly checked. Since each of the above methods can return an error status, thestatusvalue must be checked before continuing. The issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8 and is released in TensorFlow versions 2.2.1, or 2.3.1. - References
-
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html
- https://github.com/tensorflow/tensorflow/commit/22e07fb204386768e5bcbea563641ea11f96ceb8
- https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8fxw-76px-3rxv
Affected packages
Bitnami / tensorflow
Package
- Name
- tensorflow
- Purl
- pkg:bitnami/tensorflow
Severity
- 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS Calculator