| Severity |
|
| Remote |
|
| Type |
| + |
Insufficient validation |
|
| Description |
| + |
In TensorFlow before version 2.6.0 an attacker can cause undefined behavior via binding a reference to null pointer in tf.raw_ops.SparseFillEmptyRows. The shape inference implementation does not validate that the input arguments are not empty tensors. |
|
| References |
| + |
https://github.com/tensorflow/tensorflow/commit/578e634b4f1c1c684d4b4294f9e5281b2133b3ed |
| + |
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-v768-w7m9-2vmm |
|
| Notes |
|