CVE-2020-26270

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 1.15.5 TensorFlow versions prior to 2.0.4 TensorFlow versions prior to 2.1.3 TensorFlow versions prior to 2.2.2 TensorFlow versions prior to 2.3.2 TensorFlow versions prior to 2.4.0

Description In affected versions of TensorFlow, running an LSTM/GRU model where the LSTM/GRU layer receives an input with zero-length results in a CHECK failure when using the CUDA backend. This can result in a query-of-death vulnerability, via denial of service, if users can control the input to the layer.

Recommendations For versions prior to 1.15.5, update to version 1.15.5 or later. For versions prior to 2.0.4, update to version 2.0.4 or later. For versions prior to 2.1.3, update to version 2.1.3 or later. For versions prior to 2.2.2, update to version 2.2.2 or later. For versions prior to 2.3.2, update to version 2.3.2 or later. For versions prior to 2.4.0, update to version 2.4.0 or later. As a temporary workaround, consider restricting user control over the input to the LSTM/GRU layer until a patch is applied.