Lucene search
K

47 matches found

OSV
OSV
added 2020/09/25 7:15 p.m.3 views

PYSEC-2020-114

In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to dlpack.todlpack the expected validations will cause variables to bind to nullptr while setting a status variable to the error condition. However, this status argument is not properly checked. Hence, code...

5.3CVSS6.1AI score0.00749EPSS
Exploits1References4
Prion
Prion
added 2020/09/25 7:15 p.m.18 views

Memory corruption

In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of dlpack.todlpack can be made to use uninitialized memory resulting in further memory corruption. This is because the pybind11 glue code assumes that the argument is a tensor. However, there is nothing stopping users from passing ...

5.5CVSS6.7AI score0.00681EPSS
Exploits1References4Affected Software2
PyPA
PyPA
added 2020/09/25 7:15 p.m.6 views

PYSEC-2020-114

In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to dlpack.todlpack the expected validations will cause variables to bind to nullptr while setting a status variable to the error condition. However, this status argument is not properly checked. Hence, code...

5.3CVSS7.1AI score0.00749EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2020/09/25 7:15 p.m.4 views

PYSEC-2020-307

In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes a list of strings to dlpack.todlpack there is a memory leak following an expected validation failure. The issue occurs because the status argument during validation failures is not properly checked. Since each of the above methods ca...

4.3CVSS5.8AI score0.00684EPSS
Exploits1References4
OSV
OSV
added 2020/09/25 7:15 p.m.6 views

PYSEC-2020-272

In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes a list of strings to dlpack.todlpack there is a memory leak following an expected validation failure. The issue occurs because the status argument during validation failures is not properly checked. Since each of the above methods ca...

4.3CVSS5.8AI score0.00684EPSS
Exploits1References4
OSV
OSV
added 2020/09/25 7:15 p.m.4 views

PYSEC-2020-306

In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to dlpack.todlpack the expected validations will cause variables to bind to nullptr while setting a status variable to the error condition. However, this status argument is not properly checked. Hence, code...

5.3CVSS5.9AI score0.00749EPSS
Exploits1References4
PyPA
PyPA
added 2020/09/25 7:15 p.m.7 views

PYSEC-2020-307

In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes a list of strings to dlpack.todlpack there is a memory leak following an expected validation failure. The issue occurs because the status argument during validation failures is not properly checked. Since each of the above methods ca...

4.3CVSS6.7AI score0.00684EPSS
Exploits1References4Affected Software1
PyPA
PyPA
added 2020/09/25 7:15 p.m.9 views

PYSEC-2020-271

In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to dlpack.todlpack the expected validations will cause variables to bind to nullptr while setting a status variable to the error condition. However, this status argument is not properly checked. Hence, code...

5.3CVSS7.1AI score0.00749EPSS
Exploits1References4Affected Software1
PyPA
PyPA
added 2020/09/25 7:15 p.m.6 views

PYSEC-2020-273

In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of dlpack.todlpack can be made to use uninitialized memory resulting in further memory corruption. This is because the pybind11 glue code assumes that the argument is a tensor. However, there is nothing stopping users from passing ...

7.1CVSS7.1AI score0.00681EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2020/09/25 7:15 p.m.5 views

PYSEC-2020-273

In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of dlpack.todlpack can be made to use uninitialized memory resulting in further memory corruption. This is because the pybind11 glue code assumes that the argument is a tensor. However, there is nothing stopping users from passing ...

7.1CVSS7AI score0.00681EPSS
Exploits1References4
PyPA
PyPA
added 2020/09/25 7:15 p.m.10 views

PYSEC-2020-308

In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of dlpack.todlpack can be made to use uninitialized memory resulting in further memory corruption. This is because the pybind11 glue code assumes that the argument is a tensor. However, there is nothing stopping users from passing ...

7.1CVSS7.1AI score0.00681EPSS
Exploits1References4Affected Software1
PyPA
PyPA
added 2020/09/25 7:15 p.m.6 views

PYSEC-2020-115

In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes a list of strings to dlpack.todlpack there is a memory leak following an expected validation failure. The issue occurs because the status argument during validation failures is not properly checked. Since each of the above methods ca...

4.3CVSS6.7AI score0.00684EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2020/09/25 7:15 p.m.7 views

PYSEC-2020-271

In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to dlpack.todlpack the expected validations will cause variables to bind to nullptr while setting a status variable to the error condition. However, this status argument is not properly checked. Hence, code...

5.3CVSS6.1AI score0.00749EPSS
Exploits1References4
CVE
CVE
added 2020/09/25 6:41 p.m.169 views

CVE-2020-15191

CVE-2020-15191 is a TensorFlow vulnerability affecting dlpack.to_dlpack. In TF versions prior to 2.2.1 and 2.3.1, passing an invalid argument to to_dlpack allows the code to bind references to null pointers due to improper status handling, leading to undefined behavior when compiled with -fsaniti...

5.3CVSS5.4AI score0.00749EPSS
Exploits1References4Affected Software1
Debian CVE
Debian CVE
added 2020/09/25 6:41 p.m.3 views

CVE-2020-15191

In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to dlpack.todlpack the expected validations will cause variables to bind to nullptr while setting a status variable to the error condition. However, this status argument is not properly checked. Hence, code...

5.3CVSS7.1AI score0.00749EPSS
Exploits1
CVE
CVE
added 2020/09/25 6:40 p.m.160 views

CVE-2020-15192

CVE-2020-15192 affects TensorFlow and is a memory leak in the dlpack.to_dlpack path when a list of strings is passed. Root cause: the status argument used during validation failures isn’t checked, allowing a potentially failing status to be ignored and leading to memory leakage. Affected: TensorF...

4.3CVSS4.5AI score0.00684EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2020/09/25 6:40 p.m.31 views

CVE-2020-15193 Memory corruption in Tensorflow

In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of dlpack.todlpack can be made to use uninitialized memory resulting in further memory corruption. This is because the pybind11 glue code assumes that the argument is a tensor. However, there is nothing stopping users from passing ...

7.1CVSS6.9AI score0.00681EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2020/09/25 6:40 p.m.3 views

CVE-2020-15193

In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of dlpack.todlpack can be made to use uninitialized memory resulting in further memory corruption. This is because the pybind11 glue code assumes that the argument is a tensor. However, there is nothing stopping users from passing ...

7.1CVSS7AI score0.00681EPSS
Exploits1
OSV
OSV
added 2020/09/25 6:28 p.m.6 views

GHSA-RJJG-HGV6-H69V Memory corruption in Tensorflow

Impact The implementation of dlpack.todlpack can be made to use uninitialized memory resulting in further memory corruption. This is because the pybind11 glue code assumes that the argument is a tensor:...

7.1CVSS6.9AI score0.00681EPSS
Exploits1References9
Github Security Blog
Github Security Blog
added 2020/09/25 6:28 p.m.47 views

Memory corruption in Tensorflow

Impact The implementation of dlpack.todlpack can be made to use uninitialized memory resulting in further memory corruption. This is because the pybind11 glue code assumes that the argument is a tensor:...

7.1CVSS2.4AI score0.00681EPSS
Exploits1References9Affected Software3
Rows per page
Query Builder