PT-2020-14273 · Google+1 · Tensorflow+1

Mihaimaruseac · Published 2020-09-25 · Updated 2024-03-06 · CVE-2020-15202

CVSS v3.1: 9.0 Critical
Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

TensorFlow versions prior to 1.15.4
TensorFlow versions prior to 2.0.3
TensorFlow versions prior to 2.1.2
TensorFlow versions prior to 2.2.1
TensorFlow versions prior to 2.3.1

Description

The Shard API in TensorFlow expects the last argument to be a function taking two int64 arguments. However, there are several places in TensorFlow where a lambda taking int or int32 arguments is being used. This can result in integer truncation, leading to segfaults, read/write outside of heap allocated arrays, stack overflows, or data corruption.
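
The truncation described above, shown as an added example (not TensorFlow's code and not part of the original advisory). `ShardModel`, `RunTruncating` and `RunCorrect` are hypothetical names, the sizes are constructed, and the usual wrap-around on narrowing int64 to int32 is assumed.

```cpp
#include <algorithm>
#include <cstdint>
#include <cstdio>
#include <functional>

// Simplified, single-threaded stand-in for the Shard contract: the work
// callback is declared with two int64 bounds. Hypothetical name, not TF code.
using ShardWork = std::function<void(int64_t, int64_t)>;

void ShardModel(int64_t total, int64_t block, const ShardWork& work) {
  for (int64_t start = 0; start < total; start += block)
    work(start, std::min(start + block, total));
}

struct Result {
  int64_t visited;     // elements the callback believes it processed
  int64_t bad_bounds;  // shards whose bounds arrived negative or inverted
};

// Flawed pattern: the lambda takes int32 parameters. std::function converts
// the int64 arguments implicitly, so this compiles and silently truncates.
Result RunTruncating(int64_t total, int64_t block) {
  Result r{0, 0};
  ShardModel(total, block, [&r](int32_t start, int32_t limit) {
    // A real kernel would index its buffers here; this model only records.
    if (start < 0 || limit < start) { ++r.bad_bounds; return; }
    r.visited += static_cast<int64_t>(limit) - start;
  });
  return r;
}

// Corrected pattern: parameter types match the contract, nothing is narrowed.
Result RunCorrect(int64_t total, int64_t block) {
  Result r{0, 0};
  ShardModel(total, block, [&r](int64_t start, int64_t limit) {
    if (start < 0 || limit < start) { ++r.bad_bounds; return; }
    r.visited += limit - start;
  });
  return r;
}

int main() {
  const int64_t total = (int64_t{1} << 32) + 10, block = int64_t{1} << 30;
  Result bad = RunTruncating(total, block), ok = RunCorrect(total, block);
  // The last truncating shard aliases [0, 10): plausible bounds, wrong data.
  std::printf("int32 lambda: visited=%lld bad=%lld\n", (long long)bad.visited, (long long)bad.bad_bounds);
  std::printf("int64 lambda: visited=%lld bad=%lld\n", (long long)ok.visited, (long long)ok.bad_bounds);
}
```

With these sizes, three of the five shards reach the int32 lambda with negative or inverted bounds, and the final shard arrives as [0, 10), which looks valid but addresses the wrong elements.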

Recommendations

To resolve the issue, upgrade to TensorFlow 1.15.4 or later.
To resolve the issue, upgrade to TensorFlow 2.0.3 or later.
To resolve the issue, upgrade to TensorFlow 2.1.2 or later.
To resolve the issue, upgrade to TensorFlow 2.2.1 or later.
To resolve the issue, upgrade to TensorFlow 2.3.1 or later.

Exploit

Fix

Improper Check for Exceptional Conditions

Weakness Enumeration

Related Identifiers

BIT-TENSORFLOW-2020-15202
CVE-2020-15202
GHSA-H6FG-MJXG-HQQ4
OPENSUSE-SU-2020:1766-1
OPENSUSE-SU-2020_1766-1
OPENSUSE-SU-2024:12116-1
PYSEC-2020-125
PYSEC-2020-282
PYSEC-2020-317

Affected Products

Suse
Tensorflow