Skip to main content

Tensorflow CVE-2020-15191

MEDIUM
Improper Input Validation (CWE-20)
2020-09-25 security-advisories@github.com
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

1
CVE Published
Sep 25, 2020 - 19:15 nvd
MEDIUM 5.3

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 1 pypi packages depend on tensorflow-cpu (1 direct, 0 indirect)

Ecosystem-wide dependent count for version 2.2.0.

DescriptionNVD

In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to dlpack.to_dlpack the expected validations will cause variables to bind to nullptr while setting a status variable to the error condition. However, this status argument is not properly checked. Hence, code following these methods will bind references to null pointers. This is undefined behavior and reported as an error if compiling with -fsanitize=null. The issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8 and is released in TensorFlow versions 2.2.1, or 2.3.1.

AnalysisAI

In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to dlpack.to_dlpack the expected validations will cause variables to bind to nullptr while setting a status. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified under CWE-20. In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to dlpack.to_dlpack the expected validations will cause variables to bind to nullptr while setting a status variable to the error condition. However, this status argument is not properly checked. Hence, code following these methods will bind references to null pointers. This is undefined behavior and reported as an error if compiling with -fsanitize=null. The issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8 and is released in TensorFlow versions 2.2.1, or 2.3.1. Affected products include: Google Tensorflow, Opensuse Leap.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2020-15196 CRITICAL POC
9.9 Sep 25

In Tensorflow version 2.3.0, the `SparseCountSparseOutput` and `RaggedCountSparseOutput` implementations don't validate

CVE-2023-25668 CRITICAL POC
9.8 Mar 25

TensorFlow is an open source platform for machine learning. Rated critical severity (CVSS 9.8), this vulnerability is re

CVE-2022-41900 CRITICAL POC
9.8 Nov 18

TensorFlow is an open source platform for machine learning. Rated critical severity (CVSS 9.8), this vulnerability is re

CVE-2020-15208 CRITICAL POC
9.8 Sep 25

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of

CVE-2020-15205 CRITICAL POC
9.8 Sep 25

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `data_splits` argument of `tf.raw_ops.StringNGr

CVE-2022-41880 CRITICAL POC
9.1 Nov 18

TensorFlow is an open source platform for machine learning. Rated critical severity (CVSS 9.1), this vulnerability is re

CVE-2020-15207 CRITICAL POC
9.0 Sep 25

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, to mimic Python's indexing with negative value

CVE-2020-15202 CRITICAL POC
9.0 Sep 25

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `Shard` API in TensorFlow expects the last argu

CVE-2020-15195 HIGH POC
8.8 Sep 25

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of `SparseFillEmptyRowsGrad` use

CVE-2020-15212 HIGH POC
8.6 Sep 25

In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of hea

CVE-2022-41894 HIGH POC
8.1 Nov 18

TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 8.1), this vulnerability is remote

CVE-2020-15214 HIGH POC
8.1 Sep 25

In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a write out bounds / segmentati

Share

CVE-2020-15191 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy