tensorflow is vulnerable to denial of service (DoS). The vulnerability exists through a null pointer dereference that occurs in c/eager/dlpack.cc
through an invalid argument to dlpack.to_dlpack
.
lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html
github.com/advisories/GHSA-q8qj-fc9q-cphr
github.com/tensorflow/tensorflow/commit/22e07fb204386768e5bcbea563641ea11f96ceb8
github.com/tensorflow/tensorflow/releases/tag/v2.3.1
github.com/tensorflow/tensorflow/security/advisories/GHSA-q8qj-fc9q-cphr