Lucene search
GoogleOSV:PYSEC-2020-254HistoryDec 10, 2020 - 11:15 p.m.
PYSEC-2020-254
2020-12-1023:15:00
Google
osv.dev
15
tensorflow
vulnerability
saved model
uninitialized values
software
eigen
EPSS
0.001
Percentile
38.5%
In affected versions of TensorFlow under certain cases a saved model can trigger use of uninitialized values during code execution. This is caused by having tensor buffers be filled with the default value of the type but forgetting to default initialize the quantized floating point types in Eigen. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0.
Related
osv
osv
PYSEC-2020-297
2020-12-10 23:15:00
BIT-tensorflow-2020-26266
2024-03-06 11:20:18
PYSEC-2020-332
2020-12-10 23:15:00
github
github
Uninitialized memory access in TensorFlow
2020-12-10 19:07:24
veracode
veracode
Arbitrary Code Execution
2020-12-11 03:15:44
cvelist
cvelist
CVE-2020-26266 Uninitialized memory access in Eigen types in TensorFlow
2020-12-10 22:10:47
nvd
nvd
CVE-2020-26266
2020-12-10 23:15:12
prion
prion
Design/Logic Flaw
2020-12-10 23:15:00
cve
cve
CVE-2020-26266
2020-12-10 23:15:12
ibm
ibm
archlinux
archlinux
[ASA-202012-22] tensorflow: multiple issues
2020-12-16 00:00:00
suse
suse
Security update for tensorflow2 (moderate)
2022-06-18 00:00:00
nessus
nessus
openSUSE 15 Security Update : tensorflow2 (openSUSE-SU-2022:10014-1)
2022-06-19 00:00:00