TensorFlow is vulnerable to a double free. The vulnerability occurs when the first and fourth elements of the pooling_ratio parameter of nn_ops.fractional_avg_pool_v2 and nn_ops.fractional_max_pool_v2 are not equal to 1.0, because pooling on the batch and channel dimensions is not supported. An attacker can cause a denial of service or possibly alter the execution flow.
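An added example, not code from TensorFlow or the advisory: a static audit that finds calls to the two ops named above in Python source and classifies each pooling_ratio argument. It assumes pooling_ratio is the second positional argument or a keyword and is written as a four-element list; audit_source and SAMPLE are hypothetical names, and SAMPLE is constructed input.

```python
import ast

# Op names from the advisory, matched on the last component of the call name.
AFFECTED = {"fractional_avg_pool_v2", "fractional_max_pool_v2"}

def _call_name(func):
    if isinstance(func, ast.Attribute):
        return func.attr
    if isinstance(func, ast.Name):
        return func.id
    return None

def _ratio_arg(call):
    # Assumption: call shape is op(value, pooling_ratio, ...).
    for kw in call.keywords:
        if kw.arg == "pooling_ratio":
            return kw.value
    return call.args[1] if len(call.args) > 1 else None

def audit_source(source):
    """Return sorted (lineno, op, verdict) tuples for affected calls."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call) or _call_name(node.func) not in AFFECTED:
            continue
        arg = _ratio_arg(node)
        try:
            ratio = ast.literal_eval(arg) if arg is not None else None
        except (ValueError, TypeError, SyntaxError):
            ratio = None  # not a literal: value is only known at run time
        if not isinstance(ratio, (list, tuple)) or len(ratio) != 4:
            verdict = "review"   # trace where the value comes from
        elif ratio[0] == 1.0 and ratio[3] == 1.0:
            verdict = "ok"       # batch and channel ratios are 1.0
        else:
            verdict = "unsafe"   # the condition the advisory describes
        findings.append((node.lineno, _call_name(node.func), verdict))
    return sorted(findings)

# Constructed sample source; it is parsed, never executed.
SAMPLE = '''
from tensorflow.python.ops import nn_ops
a = nn_ops.fractional_avg_pool_v2(x, [1.0, 1.5, 1.5, 1.0])
b = nn_ops.fractional_max_pool_v2(x, pooling_ratio=[2.0, 1.5, 1.5, 1.0])
c = nn_ops.fractional_max_pool_v2(x, ratio_from_request)
'''

if __name__ == "__main__":
    for finding in audit_source(SAMPLE):
        print(finding)
```

Call sites reported as "review" are the ones to trace by hand, since a pooling_ratio that arrives from outside the program cannot be judged statically.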
github.com/advisories/GHSA-f49c-87jh-g47q
github.com/tensorflow/tensorflow/commit/3623ade20209729ee66963bbdafbc036986df4b0
github.com/tensorflow/tensorflow/commit/ee50d1e00f81f62a4517453f721c634bbb478307
github.com/tensorflow/tensorflow/pull/59543
github.com/tensorflow/tensorflow/security/advisories/GHSA-f49c-87jh-g47q