Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Denial of Service in Tensorflow
Vulnerability Description
In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the `splits` tensor has the minimum required number of elements. Code uses this quantity to initialize a different data structure. Since `BatchedMap` is equivalent to a vector, it needs to have at least one element to not be `nullptr`. If user passes a `splits` tensor that is empty or has exactly one element, we get a `SIGABRT` signal raised by the operating system. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
输入验证不恰当
Vulnerability Title
Google TensorFlow 输入验证错误漏洞
Vulnerability Description
Google TensorFlow是美国谷歌(Google)公司的一套用于机器学习的端到端开源平台。 Tensorflow 2.3.1之前版本中存在安全漏洞,该漏洞源于RaggedCountSparseOutput不会验证输入参数是否形成有效的参差张量。
CVSS Information
N/A
Vulnerability Type
N/A