Skip to main content

Tensorflow CVE-2020-15196

CRITICAL
Buffer Overflow (CWE-119)
2020-09-25 security-advisories@github.com
9.9
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.9 CRITICAL
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Sep 25, 2020 - 19:15 nvd
CRITICAL 9.9

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 64 pypi packages depend on tensorflow (62 direct, 2 indirect)
  • 1 pypi packages depend on tensorflow-cpu (1 direct, 0 indirect)
  • 1 pypi packages depend on tensorflow-gpu (1 direct, 0 indirect)

Ecosystem-wide dependent count for version 2.3.0 and other introduced versions.

DescriptionNVD

In Tensorflow version 2.3.0, the SparseCountSparseOutput and RaggedCountSparseOutput implementations don't validate that the weights tensor has the same shape as the data. The check exists for DenseCountSparseOutput, where both tensors are fully specified. In the sparse and ragged count weights are still accessed in parallel with the data. But, since there is no validation, a user passing fewer weights than the values for the tensors can generate a read from outside the bounds of the heap buffer allocated for the weights. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1.

AnalysisAI

In Tensorflow version 2.3.0, the SparseCountSparseOutput and RaggedCountSparseOutput implementations don't validate that the weights tensor has the same shape as the data. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. In Tensorflow version 2.3.0, the SparseCountSparseOutput and RaggedCountSparseOutput implementations don't validate that the weights tensor has the same shape as the data. The check exists for DenseCountSparseOutput, where both tensors are fully specified. In the sparse and ragged count weights are still accessed in parallel with the data. But, since there is no validation, a user passing fewer weights than the values for the tensors can generate a read from outside the bounds of the heap buffer allocated for the weights. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1. Affected products include: Google Tensorflow. Version information: version 2.3.0.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

CVE-2023-25668 CRITICAL POC
9.8 Mar 25

TensorFlow is an open source platform for machine learning. Rated critical severity (CVSS 9.8), this vulnerability is re

CVE-2022-41900 CRITICAL POC
9.8 Nov 18

TensorFlow is an open source platform for machine learning. Rated critical severity (CVSS 9.8), this vulnerability is re

CVE-2020-15208 CRITICAL POC
9.8 Sep 25

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of

CVE-2020-15205 CRITICAL POC
9.8 Sep 25

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `data_splits` argument of `tf.raw_ops.StringNGr

CVE-2022-41880 CRITICAL POC
9.1 Nov 18

TensorFlow is an open source platform for machine learning. Rated critical severity (CVSS 9.1), this vulnerability is re

CVE-2020-15207 CRITICAL POC
9.0 Sep 25

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, to mimic Python's indexing with negative value

CVE-2020-15202 CRITICAL POC
9.0 Sep 25

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `Shard` API in TensorFlow expects the last argu

CVE-2020-15195 HIGH POC
8.8 Sep 25

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of `SparseFillEmptyRowsGrad` use

CVE-2020-15212 HIGH POC
8.6 Sep 25

In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of hea

CVE-2022-41894 HIGH POC
8.1 Nov 18

TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 8.1), this vulnerability is remote

CVE-2020-15214 HIGH POC
8.1 Sep 25

In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a write out bounds / segmentati

CVE-2022-29216 HIGH POC
7.8 May 21

TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.8), this vulnerability is low at

Share

CVE-2020-15196 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy