PYSEC-2019-234

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/tensorflow-gpu/PYSEC-2019-234.yaml
JSON Data
https://api.test.osv.dev/v1/vulns/PYSEC-2019-234
Aliases
Published
2019-12-16T21:15:00Z
Modified
2023-11-01T04:50:40.426044Z
Summary
[none]
Details

In TensorFlow before 1.15, a heap buffer overflow in UnsortedSegmentSum can be produced when the Index template argument is int32. In this case datasize and numsegments fields are truncated from int64 to int32 and can produce negative numbers, resulting in accessing out of bounds heap memory. This is unlikely to be exploitable and was detected and fixed internally in TensorFlow 1.15 and 2.0.

References

Affected packages

PyPI / tensorflow-gpu

Package

Affected ranges

Type
GIT
Repo
https://github.com/tensorflow/tensorflow
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
ECOSYSTEM
Events
Introduced
1.0.0
Fixed
1.15.0

Affected versions

1.*

1.0.0
1.0.1
1.1.0
1.2.0
1.2.1
1.3.0
1.4.0
1.4.1
1.5.0
1.5.1
1.6.0
1.7.0
1.7.1
1.8.0
1.9.0
1.10.0
1.10.1
1.11.0
1.12.0
1.12.2
1.12.3
1.13.1
1.13.2
1.14.0