Improper Input Validation
CVE-2020-15192
Summary
In Tensorflow 2.2.0rc0 before versions 2.2.1 and 2.3.0rc0 before 2.3.1, if a user passes a list of strings to `dlpack.to_dlpack` there is a memory leak following an expected validation failure. The issue occurs because the `status` argument during validation failures is not properly checked. Since each of the above methods can return an error status, the `status` value must be checked before continuing.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- LOW
- NONE
- LOW
CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
References
Advisory Timeline
- Published