PT-2020-14277 · Google+1 · Tensorflow+1

Shuaike Dong · Published 2020-09-25 · Updated 2024-03-06 · CVE-2020-15206

CVSS v3.1: 9.0 (Critical)

Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

TensorFlow versions prior to 1.15.4
TensorFlow versions prior to 2.0.3
TensorFlow versions prior to 2.1.2
TensorFlow versions prior to 2.2.1
TensorFlow versions prior to 2.3.1

Description

Changing TensorFlow's SavedModel protocol buffer and altering the name of required keys results in segfaults and data corruption while loading the model. This can cause a denial of service in products using tensorflow-serving or other inference-as-a-service installations.

Recommendations

Upgrade to TensorFlow 1.15.4
Upgrade to TensorFlow 2.0.3
Upgrade to TensorFlow 2.1.2
Upgrade to TensorFlow 2.2.1
Upgrade to TensorFlow 2.3.1

Exploit

Fix

DoS

RCE

Weakness Enumeration

Related Identifiers

BIT-TENSORFLOW-2020-15206
CVE-2020-15206
GHSA-W5GH-2WR2-PM6G
OPENSUSE-SU-2020:1766-1
OPENSUSE-SU-2020_1766-1
OPENSUSE-SU-2024:12116-1
PYSEC-2020-129
PYSEC-2020-286
PYSEC-2020-321

Affected Products

Suse
Tensorflow