Описание
In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes a list of strings to dlpack.to_dlpack there is a memory leak following an expected validation failure. The issue occurs because the status argument during validation failures is not properly checked. Since each of the above methods can return an error status, the status value must be checked before continuing. The issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8 and is released in TensorFlow versions 2.2.1, or 2.3.1.
Ссылки
- Mailing ListThird Party Advisory
- PatchThird Party Advisory
- Third Party Advisory
- ExploitThird Party Advisory
- Mailing ListThird Party Advisory
- PatchThird Party Advisory
- Third Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:google:tensorflow:2.2.0:*:*:*:-:*:*:*
cpe:2.3:a:google:tensorflow:2.3.0:*:*:*:-:*:*:*
Конфигурация 2
cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
EPSS
Процентиль: 45%
0.00226
Низкий
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-20
CWE-20
Связанные уязвимости
CVSS3: 4.3
debian
больше 5 лет назад
In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes a list ...
EPSS
Процентиль: 45%
0.00226
Низкий
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-20
CWE-20