Arbitrary Code Execution

2020-09-2802:05:10

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.002 Low

EPSS

Percentile

51.5%

JSON

tensorflow is vulnerable to arbitrary code execution. The vulnerability exists through a memory corruption issue in the implementation of dlpack.to_dlpack, as the pybind11 does not restrict Python objects to be parsed and casted.

CPENameOperatorVersion
tensorflow-cpueq2.3.0
tensorflow-cpueq2.2.0
tensorflow-gpueq2.3.0
tensorflow-gpueq2.2.0
tensorfloweq2.3.0
tensorfloweq2.2.0
tensorflow-cpueq2.3.0
tensorflow-cpueq2.2.0
tensorflow-gpueq2.3.0
tensorflow-gpueq2.2.0

Name	Operator	Version
tensorflow-cpu	eq	2.3.0
tensorflow-cpu	eq	2.2.0
tensorflow-gpu	eq	2.3.0
tensorflow-gpu	eq	2.2.0
tensorflow	eq	2.3.0
tensorflow	eq	2.2.0
tensorflow-cpu	eq	2.3.0
tensorflow-cpu	eq	2.2.0
tensorflow-gpu	eq	2.3.0
tensorflow-gpu	eq	2.2.0