PT-2020-14278 · Google+1 · Tensorflow+1

Published: 2020-09-25 · Updated: 2024-03-06 · CVE-2020-15207

CVSS v3.1: 9.0 Critical

Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

TensorFlow versions prior to 1.15.4
TensorFlow versions prior to 2.0.3
TensorFlow versions prior to 2.1.2
TensorFlow versions prior to 2.2.1
TensorFlow versions prior to 2.3.1

Description

The issue arises from TensorFlow's attempt to mimic Python's indexing with negative values using ResolveAxis to convert negative values to positive indices. However, the check for a valid converted index is only present in debug builds. If this check does not trigger, the code proceeds with a negative index, leading to out-of-bounds data access, which can cause segfaults and/or data corruption.

Recommendations

To resolve the issue, upgrade to TensorFlow 1.15.4 or later.
To resolve the issue, upgrade to TensorFlow 2.0.3 or later.
To resolve the issue, upgrade to TensorFlow 2.1.2 or later.
To resolve the issue, upgrade to TensorFlow 2.2.1 or later.
To resolve the issue, upgrade to TensorFlow 2.3.1 or later.
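
The pattern in the description, shown as an added example that is not TensorFlow's code: a simplified axis resolver whose validity check exists only in debug builds, next to a variant that validates in every build. The function names, the DEBUG_CHECK macro, the DEBUG_BUILD flag and the sample shape are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical debug-only check: compiled to nothing unless DEBUG_BUILD is set. */
#ifdef DEBUG_BUILD
#define DEBUG_CHECK(c) do { if (!(c)) abort(); } while (0)
#else
#define DEBUG_CHECK(c) ((void)0)
#endif

/* Constructed sample shape: a rank-3 tensor of 2 x 3 x 4. */
static const int SAMPLE_DIMS[3] = {2, 3, 4};

/* Pattern from the description: a negative axis is wrapped Python-style,
 * but the result is only validated in debug builds. In a release build
 * an axis below -num_dims is returned still negative. */
static int resolve_axis_unchecked(int num_dims, int axis) {
    if (axis < 0) axis += num_dims;
    DEBUG_CHECK(axis >= 0 && axis < num_dims);
    return axis;
}

/* Hardened variant: the range check runs in every build and the caller
 * receives an error instead of an unusable index. */
static bool resolve_axis_checked(int num_dims, int axis, int *out) {
    if (num_dims <= 0 || axis < -num_dims || axis >= num_dims) return false;
    *out = axis < 0 ? axis + num_dims : axis;
    return true;
}

/* Consumer that never indexes with an unvalidated axis; -1 signals rejection. */
static int dim_size(const int *dims, int num_dims, int axis) {
    int resolved;
    if (!resolve_axis_checked(num_dims, axis, &resolved)) return -1;
    return dims[resolved];
}

int main(void) {
    /* The unchecked result is only printed here, never used as an index. */
    printf("unchecked(3, -1) = %d\n", resolve_axis_unchecked(3, -1));
    printf("unchecked(3, -5) = %d\n", resolve_axis_unchecked(3, -5));
    printf("dim_size(axis=-1) = %d\n", dim_size(SAMPLE_DIMS, 3, -1));
    printf("dim_size(axis=-5) = %d\n", dim_size(SAMPLE_DIMS, 3, -5));
    return 0;
}
```
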

Exploit

Fix

Memory Corruption

Buffer Overflow

Weakness Enumeration

Related Identifiers

BIT-TENSORFLOW-2020-15207
CVE-2020-15207
GHSA-Q4QF-3FC6-8X34
OPENSUSE-SU-2020:1766-1
OPENSUSE-SU-2020_1766-1
OPENSUSE-SU-2024:12116-1
PYSEC-2020-130
PYSEC-2020-287
PYSEC-2020-322

Affected Products

Suse
Tensorflow