Google TensorFlow, an end-to-end open source machine learning platform, is vulnerable to a null pointer dereference in the shape inference code of DeserializeSparse
in versions of TensorFlow prior to 2.7.0. The vulnerability stems from the shape inference function assuming that the serialize_sparse
tensor is a tensor with positive rank.
CPE | Name | Operator | Version |
---|---|---|---|
google tensorflow | lt | 2.7.0 |