CVE-2020-26267 log
| Source |
|
| Severity | Low |
| Remote | No |
| Type | Information disclosure |
| Description | In affected versions of TensorFlow the tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format attributes. The code assumes that these two arguments define a permutation of NHWC. This can result in uninitialized memory accesses, read outside of bounds and even crashes. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-1348 | tensorflow | 2.4.0rc4-2 | 2.4.0-1 | Critical | Fixed |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 16 Dec 2020 | ASA-202012-22 | AVG-1348 | tensorflow | Critical | multiple issues |
| References |
|---|
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c9f3-9wfr-wgh7 https://github.com/tensorflow/tensorflow/commit/ffea0239373512240bb17101b5a5992de26aa5a4 |