{"data":{"id":"0eb1d041-647d-4243-8151-edee3a3ca30f","title":"CVE-2020-15198: In Tensorflow before version 2.3.1, the `SparseCountSparseOutput` implementation does not validate that the input argume","summary":"TensorFlow (an open-source machine learning framework) versions before 2.3.1 have a bug in the `SparseCountSparseOutput` function where it doesn't check that two input arrays called `indices` and `values` have matching sizes. When the code tries to read from both arrays at the same time without this check, it can accidentally access memory outside the bounds of allocated space, which is a serious security risk.","solution":"Update TensorFlow to version 2.3.1 or later. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2020-15198","publishedAt":"2020-09-25T23:15:15.057Z","cveId":"CVE-2020-15198","cweIds":["CWE-119","CWE-122","CWE-119"],"cvssScore":"5.4","cvssSeverity":"medium","severity":"medium","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00169,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-100"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}