AVG-1348 log

Package tensorflow
Status Fixed
Severity Critical
Type multiple issues
Affected 2.4.0rc4-2
Fixed 2.4.0-1
Current 2.18.0-4 [extra-testing]
2.18.0-3 [extra]
Ticket None
Created Fri Dec 11 13:58:53 2020
Issue Severity Remote Type Description
CVE-2020-26271 High No Information disclosure
In affected versions of TensorFlow under certain cases, loading a saved model can result in accessing uninitialized memory while building the computation...
CVE-2020-26270 Low No Denial of service
In affected versions of TensorFlow running an LSTM/GRU model where the LSTM/GRU layer receives an input with zero-length results in a CHECK failure when...
CVE-2020-26269 Critical No Information disclosure
In TensorFlow release candidate versions 2.4.0rc*, the general implementation for matching filesystem paths to globbing pattern is vulnerable to an access...
CVE-2020-26268 Low No Denial of service
In affected versions of TensorFlow the tf.raw_ops.ImmutableConst operation returns a constant tensor created from a memory mapped file which is assumed...
CVE-2020-26267 Low No Information disclosure
In affected versions of TensorFlow the tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format attributes. The code assumes that...
CVE-2020-26266 Low No Information disclosure
In affected versions of TensorFlow under certain cases a saved model can trigger use of uninitialized values during code execution. This is caused by having...
Date Advisory Package Type
16 Dec 2020 ASA-202012-22 tensorflow multiple issues