PT-2020-14269 · Google · Tensorflow
Mihaimaruseac · Published 2020-09-25 · Updated 2024-03-06 · CVE-2020-15198
CVSS v4.0: 6.3 Medium
Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Name of the Vulnerable Software and Affected Versions
TensorFlow versions prior to 2.3.1
Description
The SparseCountSparseOutput implementation does not validate that the input arguments form a valid sparse tensor, specifically that the indices tensor has the same shape as the values one. This can result in accesses outside the bounds of heap allocated buffers due to a shape mismatch, as the values in these tensors are always accessed in parallel.
Recommendations
For versions prior to 2.3.1, upgrade to TensorFlow 2.3.1 to resolve the issue. As a temporary workaround, consider validating the shape of the indices and values tensors before passing them to the SparseCountSparseOutput implementation to prevent shape mismatches.
Exploit
Fix
Buffer Overflow
Heap Based Buffer Overflow
Related Identifiers
Affected Products
Tensorflow
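The shape check suggested under Recommendations can be run on the caller's side before the components reach SparseCountSparseOutput. The following is an added example, not TensorFlow's fix or code from this advisory: validate_sparse_components and _shape are hypothetical helper names, the inputs are plain nested lists, and the invariant checked (one row of indices per entry of values, one column per dimension of dense_shape) is the standard sparse tensor layout.

```python
# Added example: pre-flight validation of sparse tensor components.
# validate_sparse_components and _shape are hypothetical helpers, not TensorFlow APIs.

def _shape(nested):
    """Return the shape of a rectangular nested list; raise on ragged input."""
    if not isinstance(nested, (list, tuple)):
        return ()
    if not nested:
        return (0,)
    inner = [_shape(x) for x in nested]
    if any(s != inner[0] for s in inner):
        raise ValueError("ragged input: rows have differing shapes")
    return (len(nested),) + inner[0]


def validate_sparse_components(indices, values, dense_shape):
    """Return the number of entries, or raise ValueError if the three
    components do not describe a valid sparse tensor."""
    ds_shape = _shape(dense_shape)
    if len(ds_shape) != 1:
        raise ValueError(f"dense_shape must be a vector, got shape {ds_shape}")
    if not indices and not values:
        return 0  # empty sparse tensor: nothing to read in parallel
    idx_shape, val_shape = _shape(indices), _shape(values)
    if len(idx_shape) != 2:
        raise ValueError(f"indices must be a matrix, got shape {idx_shape}")
    if len(val_shape) != 1:
        raise ValueError(f"values must be a vector, got shape {val_shape}")
    n, rank = idx_shape
    # The mismatch behind the out-of-bounds access: indices and values are
    # walked in parallel, so they must have the same number of entries.
    if n != val_shape[0]:
        raise ValueError(f"{n} index rows but {val_shape[0]} values")
    if rank != ds_shape[0]:
        raise ValueError(f"indices have {rank} columns, dense_shape has {ds_shape[0]}")
    for row in indices:
        for dim, (i, size) in enumerate(zip(row, dense_shape)):
            if not 0 <= i < size:
                raise ValueError(f"index {i} out of range for dimension {dim} (size {size})")
    return n


if __name__ == "__main__":
    # Constructed inputs: a valid 2x3 sparse tensor, then a mismatched one.
    print(validate_sparse_components([[0, 0], [1, 2]], [3, 4], [2, 3]))
    try:
        validate_sparse_components([[0, 0], [1, 2], [1, 1]], [3], [2, 3])
    except ValueError as err:
        print("rejected:", err)
```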