In TensorFlow before version 2.6.0 an attacker can cause undefined behavior via binding a reference to null pointer in tf.raw_ops.SparseFillEmptyRows. The shape inference implementation does not validate that the input arguments are not empty tensors.
In TensorFlow before version 2.6.0 an attacker can cause undefined behavior via binding a reference to null pointer in tf.raw_ops.SparseFillEmptyRows. The shape inference implementation does not validate that the input arguments are not empty tensors.
https://github.com/tensorflow/tensorflow/commit/578e634b4f1c1c684d4b4294f9e5281b2133b3ed https://github.com/tensorflow/tensorflow/security/advisories/GHSA-v768-w7m9-2vmm