In TensorFlow before version 2.6.0 an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to tf.raw_ops.SdcaOptimizerV2. The implementation does not check that the length of example_labels is the same as the number of examples.
In TensorFlow before version 2.6.0 an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to tf.raw_ops.SdcaOptimizerV2. The implementation does not check that the length of example_labels is the same as the number of examples.
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5hj3-vjjf-f5m7 https://github.com/tensorflow/tensorflow/commit/a4e138660270e7599793fa438cd7b2fc2ce215a6