| Severity |
|
| Remote |
|
| Type |
| + |
Insufficient validation |
|
| Description |
| + |
In TensorFlow before version 2.6.0 an attacker can generate undefined behavior via a reference binding to nullptr in BoostedTreesCalculateBestGainsPerFeature and similar attack can occur in BoostedTreesCalculateBestFeatureSplitV2. The implementation does not validate the input values.and in commit 429f009d2b2c09028647dd4bb7b3f6f414bbaad7. |
|
| References |
| + |
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f5cx-5wr3-5qrc |
| + |
https://github.com/tensorflow/tensorflow/commit/9c87c32c710d0b5b53dc6fd3bfde4046e1f7a5ad |
| + |
https://github.com/tensorflow/tensorflow/commit/429f009d2b2c09028647dd4bb7b3f6f414bbaad7 |
|
| Notes |
|