tensorflow is vulnerable to information disclosure. Lack of validation of weights
tensor against the data in the functions SparseCountSparseOutput
and RaggedCountSparseOutput
allows a user to pass fewer weights than the values for the tensors to read out of heap buffer boundary, potentially disclosing confidential data stored in memory.
CPE | Name | Operator | Version |
---|---|---|---|
tensorflow | le | 2.3.0 | |
tensorflow-gpu | le | 2.3.0 | |
tensorflow-cpu | le | 2.3.0 | |
tensorflow | le | 2.3.0 | |
tensorflow-gpu | le | 2.3.0 | |
tensorflow-cpu | le | 2.3.0 |