CVE-2020-15198: In Tensorflow before version 2.3.1, the `SparseCountSparseOutput` implementation does not validate that the input argume
Summary
TensorFlow (an open-source machine learning framework) versions before 2.3.1 have a bug in the `SparseCountSparseOutput` function where it doesn't check that two input arrays called `indices` and `values` have matching sizes. When the code tries to read from both arrays at the same time without this check, it can accidentally access memory outside the bounds of allocated space, which is a serious security risk.
Solution / Mitigation
Update TensorFlow to version 2.3.1 or later. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02.
Vulnerability Details
5.4(medium)
EPSS: 0.2%
Classification
Affected Vendors
Related Issues
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
Original source: https://nvd.nist.gov/vuln/detail/CVE-2020-15198
First tracked: February 15, 2026 at 08:38 PM
Classified by LLM (prompt v3) · confidence: 95%