In TensorFlow before version 2.6.0 an attacker can cause undefined behavior via binding a reference to null pointer in tf.raw_ops.Map* and tf.raw_ops.OrderedMap* operations. The implementation has a check in place to ensure that indices is in ascending order, but does not check that indices is not empty.
In TensorFlow before version 2.6.0 an attacker can cause undefined behavior via binding a reference to null pointer in tf.raw_ops.Map* and tf.raw_ops.OrderedMap* operations. The implementation has a check in place to ensure that indices is in ascending order, but does not check that indices is not empty.
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qr82-2c78-4m8h https://github.com/tensorflow/tensorflow/commit/532f5c5a547126c634fefd43bbad1dc6417678ac