CVE-2020-15201

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.3.1

Description The RaggedCountSparseOutput implementation does not validate that the input arguments form a valid ragged tensor, specifically that the values in the splits tensor generate a valid partitioning of the values tensor. This lack of validation makes the code prone to heap buffer overflow. If split values does not end with a value at least num values, the while loop condition will trigger a read outside of the bounds of split values once batch idx grows too large.

Recommendations For versions prior to 2.3.1, upgrade to TensorFlow 2.3.1 to resolve the issue. As a temporary workaround, consider adding input validation to ensure that split values ends with a value at least num values to prevent the heap buffer overflow. Restrict access to the RaggedCountSparseOutput implementation until the issue is resolved by upgrading to the patched version.