Improper Input Validation
CVE-2020-15194
Summary
In Tensorflow before versions 1.15.4, 2.0.x before 2.0.3, 2.1.x before 2.1.2, 2.2.x before 2.2.1 and 2.3.x before 2.3.1, the `SparseFillEmptyRowsGrad` implementation has incomplete validation of the shapes of its arguments. Although `reverse_index_map_t` and `grad_values_t` are accessed in a similar pattern, only `reverse_index_map_t` is validated to be of proper shape. Hence, malicious users can pass a bad `grad_values_t` to trigger an assertion failure in `vec`, causing denial of service in serving installations.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- NONE
- LOW
CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
References
Advisory Timeline
- Published