CVE-2020-15200
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2020-15200
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-15200.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2020-15200
- Aliases
- Published
- 2020-09-25T19:15:15Z
- Modified
- 2024-10-12T07:32:30.026583Z
- Severity
-
- 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In Tensorflow before version 2.3.1, the
RaggedCountSparseOutputimplementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the values in thesplitstensor generate a valid partitioning of thevaluestensor. Thus, the code sets up conditions to cause a heap buffer overflow. ABatchedMapis equivalent to a vector where each element is a hashmap. However, if the first element ofsplits_valuesis not 0,batch_idxwill never be 1, hence there will be no hashmap at index 0 inper_batch_counts. Trying to access that in the user code results in a segmentation fault. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1. - References
Affected packages
Git / github.com/tensorflow/tensorflow
Affected ranges
- Type
- GIT
- Repo
- https://github.com/tensorflow/tensorflow
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed