| Severity |
|
| Remote |
|
| Type |
| + |
Insufficient validation |
|
| Description |
| + |
In TensorFlow before version 2.6.0 an attacker can cause undefined behavior via binding a reference to null pointer in tf.raw_ops.RaggedTensorToVariant. The implementation has an incomplete validation of the splits values, missing the case when the argument would be empty. |
|
| References |
| + |
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-w4xf-2pqw-5mq7 |
| + |
https://github.com/tensorflow/tensorflow/commit/be7a4de6adfbd303ce08be4332554dff70362612 |
|
| Notes |
|