## TFSA-2020-011: Data leak in `tf.raw_ops.StringNGrams` ### CVE Number CVE-2020-15205 ### Impact The `data_splits` argument of [`tf.raw_ops.StringNGrams`](https://www.tensorflow.org/api_docs/python/tf/raw_ops/StringNGrams) lacks validation. This allows a user to pass values that can cause heap overflow errors and even leak contents of memory ```python >>> tf.raw_ops.StringNGrams(data=["aa", "bb", "cc", "dd", "ee", "ff"], data_splits=[0,8], separator=" ", ngram_widths=[3], left_pad="", right_pad="", pad_width=0, preserve_short_sequences=False) StringNGrams(ngrams=