Upstream information
Description
In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes a list of strings to `dlpack.to_dlpack` there is a memory leak following an expected validation failure. The issue occurs because the `status` argument during validation failures is not properly checked. Since each of the above methods can return an error status, the `status` value must be checked before continuing. The issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8 and is released in TensorFlow versions 2.2.1, or 2.3.1.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
National Vulnerability Database | |
---|---|
Base Score | 4 |
Vector | AV:N/AC:L/Au:S/C:N/I:N/A:P |
Access Vector | Network |
Access Complexity | Low |
Authentication | Single |
Confidentiality Impact | None |
Integrity Impact | None |
Availability Impact | Partial |
National Vulnerability Database | |
---|---|
Base Score | 4.3 |
Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
Attack Vector | Network |
Attack Complexity | Low |
Privileges Required | Low |
User Interaction | None |
Scope | Unchanged |
Confidentiality Impact | None |
Integrity Impact | None |
Availability Impact | Low |
CVSSv3 Version | 3.1 |
SUSE Security Advisories:
- openSUSE-SU-2020:1766-1, published Thu Dec 7 12:55:41 2023
List of released packages
Product(s) | Fixed package version(s) | References |
---|---|---|
openSUSE Leap 15.2 |
| Patchnames: openSUSE-2020-1766 |
SUSE Timeline for this CVE
CVE page created: Sat Sep 26 03:24:40 2020CVE page last modified: Thu Dec 7 13:28:23 2023