Skip to content

Float cast overflow undefined behavior

Low
mihaimaruseac published GHSA-xwhf-g6j5-j5gc Oct 20, 2020

Package

tensorflow, tensorflow-cpu, tensorflow-gpu (tensorflow)

Affected versions

< 2.4.0

Patched versions

2.4.0

Description

Impact

When the boxes argument of tf.image.crop_and_resize has a very large value, the CPU kernel implementation receives it as a C++ nan floating point value. Attempting to operate on this is undefined behavior which later produces a segmentation fault.

Patches

We have patched the issue in c031923 and will release TensorFlow 2.4.0 containing the patch. TensorFlow nightly packages after this commit will also have the issue resolved.

For more information

Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.

Attribution

This vulnerability has been reported in #42129

Severity

Low

CVE ID

CVE-2020-15266

Weaknesses

No CWEs