| Severity |
|
| Remote |
|
| Type |
| + |
Insufficient validation |
|
| Description |
| + |
In TensorFlow before version 2.6.0 an attacker can cause undefined behavior via binding a reference to null pointer in tf.raw_ops.UnicodeEncode. The implementation reads the first dimension of the input_splits tensor before validating that this tensor is not empty. |
|
| References |
| + |
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-w74j-v8xh-3w5h |
| + |
https://github.com/tensorflow/tensorflow/commit/2e0ee46f1a47675152d3d865797a18358881d7a6 |
|
| Notes |
|