← Back to CVE List

CVE-2020-15195

Published: 2020-09-25T19:15Z
Last Modified: 2024-11-21T05:05Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of `SparseFillEmptyRowsGrad` uses a double indexing pattern. It is possible for `reverse_index_map(i)` to be an index outside of bounds of `grad_values`, thus resulting in a heap buffer overflow. The issue is patched in commit 390611e0d45c5793c7066110af37c8514e6a6c54, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt