CVE-2020-26270 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Low
Remote	No
Type	Denial of service
Description	In affected versions of TensorFlow running an LSTM/GRU model where the LSTM/GRU layer receives an input with zero-length results in a CHECK failure when using the CUDA backend. This can result in a query-of-death vulnerability, via denial of service, if users can control the input to the layer. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1348	tensorflow	2.4.0rc4-2	2.4.0-1	Critical	Fixed

Date	Advisory	Group	Package	Severity	Type
16 Dec 2020	ASA-202012-22	AVG-1348	tensorflow	Critical	multiple issues

References
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m648-33qf-v3gp https://github.com/tensorflow/tensorflow/commit/b550171e78e0a085b208d6a3b8b29ed29faa97ae