PYSEC-2020-273

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/tensorflow-cpu/PYSEC-2020-273.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2020-273

Aliases

Published

2020-09-25T19:15:00Z

Modified

2023-12-06T01:00:16.213136Z

Summary

[none]

Details

In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of dlpack.to_dlpack can be made to use uninitialized memory resulting in further memory corruption. This is because the pybind11 glue code assumes that the argument is a tensor. However, there is nothing stopping users from passing in a Python object instead of a tensor. The uninitialized memory address is due to a reinterpret_cast Since the PyObject is a Python object, not a TensorFlow Tensor, the cast to EagerTensor fails. The issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8 and is released in TensorFlow versions 2.2.1, or 2.3.1.

References

Affected packages

PyPI / tensorflow-cpu

Package

Name: tensorflow-cpu; View open source insights on deps.dev
Purl: pkg:pypi/tensorflow-cpu

Affected ranges

Type: GIT
Repo: https://github.com/tensorflow/tensorflow
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

22e07fb204386768e5bcbea563641ea11f96ceb8

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.1

Introduced

2.3.0rc0

Fixed

2.3.1

Affected versions

1.*

1.15.0

2.*

2.1.0

2.1.1

2.1.2

2.1.3

2.1.4

2.2.0

2.3.0