http://bugzilla.opensuse.org/show_bug.cgi?id=1179938 Bug ID: 1179938 Summary: VUL-1: CVE-2020-26270: tensorflow, tensorflow2: zero-length input in LSTM/GRU layer can cause DoS Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.2 Hardware: Other URL: https://smash.suse.de/issue/273151/ OS: Other Status: NEW Severity: Minor Priority: P5 - None Component: Security Assignee: cgoll@suse.com Reporter: jsegitz@suse.com QA Contact: security-team@suse.de Found By: Security Response Team Blocker: --- CVE-2020-26270 In affected versions of TensorFlow running an LSTM/GRU model where the LSTM/GRU layer receives an input with zero-length results in a CHECK failure when using the CUDA backend. This can result in a query-of-death vulnerability, via denial of service, if users can control the input to the layer. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0. Leap and Factory affected References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26270 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26270 https://github.com/tensorflow/tensorflow/commit/14755416e364f17fb1870882fa77... https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m648-33qf-... -- You are receiving this mail because: You are on the CC list for the bug.