TensorFlow is vulnerable to arbitrary code execution. The vulnerability is caused by a memory corruption issue in the implementation of dlpack.to_dlpack, as pybind11 does not restrict the Python objects that are parsed and cast.
lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html
github.com/advisories/GHSA-rjjg-hgv6-h69v
github.com/tensorflow/tensorflow/commit/22e07fb204386768e5bcbea563641ea11f96ceb8
github.com/tensorflow/tensorflow/releases/tag/v2.3.1
github.com/tensorflow/tensorflow/security/advisories/GHSA-rjjg-hgv6-h69v