PT-2020-14263 · Google+1 · Tensorflow+1

Published: 2020-09-25 · Updated: 2024-03-06 · CVE-2020-15192

CVSS v4.0: 5.3 (Medium)

Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

TensorFlow versions prior to 2.2.1
TensorFlow versions prior to 2.3.1

Description

The issue occurs when a user passes a list of strings to dlpack.to_dlpack, resulting in a memory leak following an expected validation failure. This happens because the status argument is not properly checked when validation fails. Each of the above methods can return an error status, and the status value must be checked before continuing.

Recommendations

For versions prior to 2.2.1, upgrade to TensorFlow 2.2.1. For versions prior to 2.3.1, upgrade to TensorFlow 2.3.1. As a temporary workaround, consider checking the status value before continuing after calling dlpack.to_dlpack to prevent memory leaks.

Weakness Enumeration

Related Identifiers

BIT-TENSORFLOW-2020-15192
CVE-2020-15192
GHSA-8FXW-76PX-3RXV
OPENSUSE-SU-2020:1766-1
OPENSUSE-SU-2020_1766-1
PYSEC-2020-115
PYSEC-2020-272
PYSEC-2020-307

Affected Products

Suse
Tensorflow