1## TFSA-2020-033: CHECK-fail in LSTM with zero-length input 2 3### CVE Number 4CVE-2020-26270 5 6### Impact 7Running an LSTM/GRU model where the LSTM/GRU layer receives an input with 8zero-length results in a `CHECK` failure when using the CUDA backend. 9 10This can result in a query-of-death vulnerability, via denial of service, if 11users can control the input to the layer. 12 13### Patches 14 15We have patched the issue in GitHub commit 16[14755416e364f17fb1870882fa778c7fec7f16e3](https://github.com/tensorflow/tensorflow/commit/14755416e364f17fb1870882fa778c7fec7f16e3) 17and will release TensorFlow 2.4.0 containing the patch. TensorFlow nightly 18packages after this commit will also have the issue resolved. 19 20Since this issue also impacts TF versions before 2.4, we will patch all releases 21between 1.15 and 2.3 inclusive. 22 23### For more information 24Please consult [our security 25guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for 26more information regarding the security model and how to contact us with issues 27and questions. 28