{"id":"CVE-2020-15199","details":"In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the `splits` tensor has the minimum required number of elements. Code uses this quantity to initialize a different data structure. Since `BatchedMap` is equivalent to a vector, it needs to have at least one element to not be `nullptr`. If user passes a `splits` tensor that is empty or has exactly one element, we get a `SIGABRT` signal raised by the operating system. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1.","aliases":["BIT-tensorflow-2020-15199","GHSA-x5cp-9pcf-pp3h","PYSEC-2020-122","PYSEC-2020-279","PYSEC-2020-314"],"modified":"2026-02-20T16:42:13.873584Z","published":"2020-09-25T19:15:15.167Z","related":["GHSA-x5cp-9pcf-pp3h"],"references":[{"type":"ADVISORY","url":"https://github.com/tensorflow/tensorflow/commit/3cbb917b4714766030b28eba9fb41bb97ce9ee02"},{"type":"ADVISORY","url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1"},{"type":"ADVISORY","url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x5cp-9pcf-pp3h"},{"type":"FIX","url":"https://github.com/tensorflow/tensorflow/commit/3cbb917b4714766030b28eba9fb41bb97ce9ee02"},{"type":"EVIDENCE","url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x5cp-9pcf-pp3h"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/tensorflow/tensorflow","events":[{"introduced":"0"},{"last_affected":"b36436b087bd8e8701ef51718179037cccdfc26e"}]}],"versions":["0.12.0-rc0","0.12.0-rc1","0.12.1","0.5.0","0.6.0","v0.10.0","v0.10.0rc0","v0.11.0","v0.11.0rc0","v0.11.0rc1","v0.11.0rc2","v0.12.0","v0.7.0","v0.7.1","v0.8.0rc0","v0.9.0","v0.9.0rc0","v1.0.0","v1.0.0-alpha","v1.0.0-rc0","v1.0.0-rc1","v1.0.0-rc2","v1.1.0","v1.1.0-rc0","v1.1.0-rc1","v1.1.0-rc2","v1.12.0","v1.12.0-rc0","v1.12.0-rc1","v1.12.0-rc2","v1.12.1","v1.2.0","v1.2.0-rc0","v1.2.0-rc1","v1.2.0-rc2","v1.3.0-rc0","v1.3.0-rc1","v1.5.0","v1.5.0-rc0","v1.5.0-rc1","v1.6.0","v1.6.0-rc0","v1.6.0-rc1","v1.7.0","v1.7.0-rc0","v1.7.0-rc1","v1.8.0","v1.8.0-rc0","v1.8.0-rc1","v1.9.0","v1.9.0-rc0","v1.9.0-rc1","v1.9.0-rc2","v2.3.0","v2.3.0-rc0","v2.3.0-rc1","v2.3.0-rc2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-15199.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}