PYSEC-2020-273

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/tensorflow-cpu/PYSEC-2020-273.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2020-273
Aliases
Published
2020-09-25T19:15:00Z
Modified
2023-12-06T01:00:16.213136Z
Summary
[none]
Details

In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of dlpack.to_dlpack can be made to use uninitialized memory resulting in further memory corruption. This is because the pybind11 glue code assumes that the argument is a tensor. However, there is nothing stopping users from passing in a Python object instead of a tensor. The uninitialized memory address is due to a reinterpret_cast Since the PyObject is a Python object, not a TensorFlow Tensor, the cast to EagerTensor fails. The issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8 and is released in TensorFlow versions 2.2.1, or 2.3.1.

References

Affected packages

PyPI / tensorflow-cpu

Package

Affected ranges

Type
GIT
Repo
https://github.com/tensorflow/tensorflow
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.1
Introduced
2.3.0rc0
Fixed
2.3.1

Affected versions

1.*

1.15.0

2.*

2.1.0
2.1.1
2.1.2
2.1.3
2.1.4
2.2.0
2.3.0