Skip to main content

Tensorflow CVE-2020-15213

MEDIUM
Buffer Overflow (CWE-119)
2020-09-25 security-advisories@github.com
4.0
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.0 MEDIUM
AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

1
CVE Published
Sep 25, 2020 - 19:15 nvd
MEDIUM 4.0

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 83 pypi packages depend on tensorflow (82 direct, 1 indirect)
  • 1 pypi packages depend on tensorflow-cpu (1 direct, 0 indirect)
  • 2 pypi packages depend on tensorflow-gpu (2 direct, 0 indirect)

Ecosystem-wide dependent count for version 2.2.0 and other introduced versions.

DescriptionNVD

In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a denial of service by causing an out of memory allocation in the implementation of segment sum. Since code uses the last element of the tensor holding them to determine the dimensionality of output tensor, attackers can use a very large value to trigger a large allocation. The issue is patched in commit 204945b19e44b57906c9344c0d00120eeeae178a and is released in TensorFlow versions 2.2.1, or 2.3.1. A potential workaround would be to add a custom Verifier to limit the maximum value in the segment ids tensor. This only handles the case when the segment ids are stored statically in the model, but a similar validation could be done if the segment ids are generated at runtime, between inference steps. However, if the segment ids are generated as outputs of a tensor during inference steps, then there are no possible workaround and users are advised to upgrade to patched code.

AnalysisAI

In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a denial of service by causing an out of memory allocation in the implementation of segment sum. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a denial of service by causing an out of memory allocation in the implementation of segment sum. Since code uses the last element of the tensor holding them to determine the dimensionality of output tensor, attackers can use a very large value to trigger a large allocation. The issue is patched in commit 204945b19e44b57906c9344c0d00120eeeae178a and is released in TensorFlow versions 2.2.1, or 2.3.1. A potential workaround would be to add a custom Verifier to limit the maximum value in the segment ids tensor. This only handles the case when the segment ids are stored statically in the model, but a similar validation could be done if the segment ids are generated at runtime, between inference steps. However, if the segment ids are generated as outputs of a tensor during inference steps, then there are no possible workaround and users are advised to upgrade to patched code. Affected products include: Google Tensorflow.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

CVE-2020-15196 CRITICAL POC
9.9 Sep 25

In Tensorflow version 2.3.0, the `SparseCountSparseOutput` and `RaggedCountSparseOutput` implementations don't validate

CVE-2023-25668 CRITICAL POC
9.8 Mar 25

TensorFlow is an open source platform for machine learning. Rated critical severity (CVSS 9.8), this vulnerability is re

CVE-2022-41900 CRITICAL POC
9.8 Nov 18

TensorFlow is an open source platform for machine learning. Rated critical severity (CVSS 9.8), this vulnerability is re

CVE-2020-15208 CRITICAL POC
9.8 Sep 25

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of

CVE-2020-15205 CRITICAL POC
9.8 Sep 25

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `data_splits` argument of `tf.raw_ops.StringNGr

CVE-2022-41880 CRITICAL POC
9.1 Nov 18

TensorFlow is an open source platform for machine learning. Rated critical severity (CVSS 9.1), this vulnerability is re

CVE-2020-15207 CRITICAL POC
9.0 Sep 25

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, to mimic Python's indexing with negative value

CVE-2020-15202 CRITICAL POC
9.0 Sep 25

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `Shard` API in TensorFlow expects the last argu

CVE-2020-15195 HIGH POC
8.8 Sep 25

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of `SparseFillEmptyRowsGrad` use

CVE-2020-15212 HIGH POC
8.6 Sep 25

In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of hea

CVE-2022-41894 HIGH POC
8.1 Nov 18

TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 8.1), this vulnerability is remote

CVE-2020-15214 HIGH POC
8.1 Sep 25

In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a write out bounds / segmentati

Share

CVE-2020-15213 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy