Tensorflow@2.2.0 Security Vulnerabilities and Issues — Tensorflow@2.2.0 CVE List

Lucene search

GoogleTensorflow2.2.0

3 matches found

CVE•added 2020/09/25 7:15 p.m.•152 views

CVE-2020-15191

In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to dlpack.to_dlpack the expected validations will cause variables to bind to nullptr while setting a status variable to the error condition. However, this status argument is not properly checked. Hence, code followi...

5.3CVSS5.4AI score0.00246EPSS

CVE•added 2020/09/25 7:15 p.m.•146 views

CVE-2020-15192

In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes a list of strings to dlpack.to_dlpack there is a memory leak following an expected validation failure. The issue occurs because the status argument during validation failures is not properly checked. Since each of the above methods can...

4.3CVSS4.5AI score0.00226EPSS

CVE•added 2020/09/25 7:15 p.m.•136 views

CVE-2020-15193

In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of dlpack.to_dlpack can be made to use uninitialized memory resulting in further memory corruption. This is because the pybind11 glue code assumes that the argument is a tensor. However, there is nothing stopping users from passing i...

7.1CVSS6.8AI score0.00215EPSS