PT-2020-14270 · Google · Tensorflow

Mihaimaruseac · Published 2020-09-25 · Updated 2024-03-06 · CVE-2020-15199

CVSS v4.0: 8.2 High

Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Tensorflow versions prior to 2.3.1

Description

The issue arises because RaggedCountSparseOutput does not validate that its input arguments form a valid ragged tensor; in particular, it does not check that the splits tensor has the minimum required number of elements. If a user passes a splits tensor that is empty or has exactly one element, the operating system raises a SIGABRT signal. The problem is related to the BatchedMap being equivalent to a vector, which needs at least one element to not be nullptr.

Recommendations

For versions prior to 2.3.1, upgrade to TensorFlow 2.3.1 to resolve the issue. As a temporary workaround, consider validating the input to ensure the splits tensor has more than one element before passing it to RaggedCountSparseOutput. Restrict access to the RaggedCountSparseOutput function until the issue is resolved by upgrading to the patched version.
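
One way to implement the input-validation workaround, as an added example that is not part of the advisory or of TensorFlow's code. It goes beyond the "more than one element" check to cover the usual row-splits invariants of a ragged tensor (starts at 0, non-decreasing, ends at the number of values); the names ragged_splits_error and guarded_call, and the (splits, values) calling convention of op, are assumptions made for illustration.

```python
import operator
from typing import Callable, Optional, Sequence


def ragged_splits_error(splits: Sequence[int], num_values: int) -> Optional[str]:
    """Return None if `splits` is a usable row-splits vector for `num_values`
    flat values, otherwise a short reason for rejecting it."""
    try:
        # operator.index accepts Python and NumPy integers, rejects floats/strings.
        idx = [operator.index(s) for s in splits]
    except TypeError:
        return "splits must be a sequence of integers"
    # The advisory's workaround: an empty or single-element splits tensor is
    # the input that aborts the process, so require more than one element.
    if len(idx) < 2:
        return "splits has %d element(s); more than one is required" % len(idx)
    if idx[0] != 0:
        return "splits must start at 0"
    if any(b < a for a, b in zip(idx, idx[1:])):
        return "splits must be non-decreasing"
    if idx[-1] != num_values:
        return "last split must equal the number of values"
    return None


def guarded_call(op: Callable, splits, values, *args, **kwargs):
    """Validate first, then call `op` (hypothetical: any caller-supplied
    callable that forwards to the vulnerable op). Invalid input becomes a
    catchable ValueError instead of reaching native code."""
    reason = ragged_splits_error(splits, len(values))
    if reason is not None:
        raise ValueError("rejected ragged input: " + reason)
    return op(splits, values, *args, **kwargs)


# Constructed sample inputs (splits, values); not taken from the advisory.
SAMPLES = [
    ([0, 2, 5], [7, 7, 1, 2, 2]),  # valid: two rows
    ([], [1, 2]),                  # empty splits
    ([0], []),                     # exactly one element
    ([0, 3, 2], [1, 2]),           # decreasing
]

if __name__ == "__main__":
    for splits, values in SAMPLES:
        print(splits, "->", ragged_splits_error(splits, len(values)) or "ok")
```
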

Weakness Enumeration

Related Identifiers

BIT-TENSORFLOW-2020-15199
CVE-2020-15199
GHSA-X5CP-9PCF-PP3H
PYSEC-2020-122
PYSEC-2020-279
PYSEC-2020-314

Affected Products

Tensorflow