In TensorFlow before version 2.6.0 an attacker can cause a denial of service in boosted_trees_create_quantile_stream_resource by using negative arguments. The implementation does not validate that num_streams only contains non-negative numbers. In turn, this results in using this value to allocate memory. However, reserve receives an unsigned integer so there is an implicit conversion from a negative value to a large positive unsigned. This results in a crash from the standard library.
In TensorFlow before version 2.6.0 an attacker can cause a denial of service in boosted_trees_create_quantile_stream_resource by using negative arguments. The implementation does not validate that num_streams only contains non-negative numbers. In turn, this results in using this value to allocate memory. However, reserve receives an unsigned integer so there is an implicit conversion from a negative value to a large positive unsigned. This results in a crash from the standard library.
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gf88-j2mg-cc82 https://github.com/tensorflow/tensorflow/commit/8a84f7a2b5a2b27ecf88d25bad9ac777cd2f7992
Vulmon