TensorFlow is vulnerable to denial of service. The vulnerability exists because the OP_REQUIRES checks in lstm_ops.cc do not properly validate sizes for BlockLSTMGradV2, allowing an attacker to crash the application with a segmentation fault.
github.com/tensorflow/tensorflow/commit/2a458fc4866505be27c62f81474ecb2b870498fa
github.com/tensorflow/tensorflow/commit/794f4c83ffa7bf4e97f12d5ccbf4fb025a574573
github.com/tensorflow/tensorflow/commit/8ab66d366b550dadb9476d433644294ab1f6dea0
github.com/tensorflow/tensorflow/commit/d06148684e9e5d0cea6a918a7179a167dd2e5547
github.com/tensorflow/tensorflow/pull/57255
github.com/tensorflow/tensorflow/pull/57256
github.com/tensorflow/tensorflow/pull/57257
github.com/tensorflow/tensorflow/security/advisories/GHSA-f7r5-q7cx-h668