PT-2020-14267 · Google · Tensorflow

Mihaimaruseac · Published 2020-09-25 · Updated 2024-03-06 · CVE-2020-15196

CVSS v3.1: 9.9 (Critical)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: TensorFlow version 2.3.0
Description: The SparseCountSparseOutput and RaggedCountSparseOutput implementations do not validate that the weights tensor has the same shape as the data. Because the sparse and ragged count operations index weights and data in parallel, passing fewer weights than values causes a read from outside the bounds of the heap buffer allocated for the weights.
Recommendations: For TensorFlow version 2.3.0, upgrade to TensorFlow version 2.3.1 to resolve the issue. As a temporary workaround, validate that the shape of the weights tensor matches the shape of the data before performing the count operations. Restrict access to the SparseCountSparseOutput and RaggedCountSparseOutput implementations until the issue is resolved.
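The workaround above, as an added pure-Python illustration that is not TensorFlow's code: the guard checks that weights has the same shape as values before the count runs, where the 2.3.0 kernels indexed weights[i] for every values[i] without such a check. The count model, the sample indices and the `is_rejected` helper are constructed for this example.

```python
from typing import Dict, List, Optional, Sequence, Tuple

Index = Tuple[int, int]  # (batch, position) of one non-zero entry


def validate_weights(values: Sequence[int], weights: Optional[Sequence[float]]) -> None:
    """Guard the workaround calls for: weights must have the same shape as values.

    Without this check, a loop that reads weights[i] alongside values[i] walks
    past the end of a shorter weights buffer (the out-of-bounds read in 2.3.0).
    """
    if weights is None:
        return
    if len(weights) != len(values):
        raise ValueError(
            f"weights shape ({len(weights)},) must match values shape ({len(values)},)"
        )


def sparse_count_model(indices: Sequence[Index], values: Sequence[int],
                       dense_shape: Tuple[int, int],
                       weights: Optional[Sequence[float]] = None,
                       binary_output: bool = False) -> List[Dict[int, float]]:
    """Constructed model of a sparse count: per batch row, value -> (weighted) count."""
    validate_weights(values, weights)          # check runs before any weights[i] access
    num_batches = dense_shape[0]
    out: List[Dict[int, float]] = [dict() for _ in range(num_batches)]
    for i, (batch, _pos) in enumerate(indices):
        if not 0 <= batch < num_batches:
            raise ValueError(f"entry {i} names batch {batch} outside dense_shape {dense_shape}")
        w = 1.0 if weights is None else weights[i]  # safe: lengths already verified
        row = out[batch]
        if binary_output:
            row[values[i]] = 1.0                 # presence only, weights ignored
        else:
            row[values[i]] = row.get(values[i], 0.0) + w
    return out


def is_rejected(indices, values, dense_shape, weights) -> bool:
    """True when the shape guard rejects the call (demonstrates the mitigation)."""
    try:
        sparse_count_model(indices, values, dense_shape, weights)
    except ValueError:
        return True
    return False


# Constructed sample input: batch 0 holds values [1, 1, 2], batch 1 holds [2].
INDICES = [(0, 0), (0, 1), (0, 2), (1, 0)]
VALUES = [1, 1, 2, 2]
DENSE_SHAPE = (2, 3)
```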

Weakness Enumeration

Buffer Overflow
Heap Based Buffer Overflow
Out of bounds Read

Related Identifiers

BIT-TENSORFLOW-2020-15196
CVE-2020-15196
GHSA-PG59-2F92-5CPH
PYSEC-2020-119
PYSEC-2020-276
PYSEC-2020-311

Affected Products

Tensorflow