Google TensorFlow 缓冲区错误漏洞

Google TensorFlow is an end-to-end open source machine learning platform. A security vulnerability exists in Google TensorFlow RaggedCross. An attacker can exploit the vulnerability by passing invalid tensor values to tf.rawops.RaggedCross to cause a heap out-of-bounds read...

PYSEC-2020-308

In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of dlpack.todlpack can be made to use uninitialized memory resulting in further memory corruption. This is because the pybind11 glue code assumes that the argument is a tensor. However, there is nothing stopping users from passing ...

PT-2020-14264 · Google +1 · Tensorflow +1

Name of the Vulnerable Software and Affected Versions: Tensorflow versions prior to 2.2.1 Tensorflow versions prior to 2.3.1 Description: The implementation of dlpack.to dlpack can be made to use uninitialized memory, resulting in further memory corruption. This occurs because the pybind11 glue...