—

PYSEC-2020-118

Details

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of `SparseFillEmptyRowsGrad` uses a double indexing pattern. It is possible for `reverse_index_map(i)` to be an index outside of bounds of `grad_values`, thus resulting in a heap buffer overflow. The issue is patched in commit 390611e0d45c5793c7066110af37c8514e6a6c54, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / tensorflow

Introduced in: 0 Fixed in: 390611e0d45c5793c7066110af37c8514e6a6c54

Fix pip install --upgrade 'tensorflow>=390611e0d45c5793c7066110af37c8514e6a6c54'

References

https://github.com/tensorflow/tensorflow/commit/390611e0d45c5793c7066110af37c8514e6a6c54 [FIX]
https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1 [WEB]
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-63xm-rx5p-xvqr [ADVISORY]
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html [WEB]