PYSEC-2020-298

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/tensorflow-cpu/PYSEC-2020-298.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2020-298

Aliases

Published

2020-12-10T23:15:00Z

Modified

2023-12-06T00:45:26.701514Z

Summary

[none]

Details

In affected versions of TensorFlow the tf.rawops.DataFormatVecPermute API does not validate the srcformat and dst_format attributes. The code assumes that these two arguments define a permutation of NHWC. This can result in uninitialized memory accesses, read outside of bounds and even crashes. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0.

References

Affected packages

PyPI / tensorflow-cpu

Package

Name: tensorflow-cpu; View open source insights on deps.dev
Purl: pkg:pypi/tensorflow-cpu

Affected ranges

Type: GIT
Repo: https://github.com/tensorflow/tensorflow
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

ebc70b7a592420d3d2f359e4b1694c236b82c7ae

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.15.5

Introduced

2.0.0

Fixed

2.0.4

Introduced

2.1.0

Fixed

2.1.3

Introduced

2.2.0

Fixed

2.2.2

Introduced

2.3.0

Fixed

2.3.2

Affected versions

1.*

1.15.0

2.*

2.1.0

2.1.1

2.1.2

2.2.0

2.2.1

2.3.0

2.3.1